Full Disclosure mailing list archives
Fw: bug in uml_net
From: "GaLiaRePt" <galiarept () phreaker net>
Date: Fri, 23 May 2003 23:10:21 +0200
There is a vulnerability in uml_net. The latest version is vulnerable too. The problem is the lack of bounds checking in uml_net.c from uml_utilities, A possible attack could lead to root compromise on some systems since for example uml_net comes suided root in RH 8.0 by default. Suggested patch: - if(v > CURRENT_VERSION){ + if ((v > CURRENT_VERSION) || (v < 0)) { Contact: ktha () hushmail com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Fw: bug in uml_net GaLiaRePt (May 24)