> > > > Here is a quick bsd/os (should work in freebsd too, I believe) exploitation
> > > > script for the rdist buffer overflow vulnerbility.
> > >
> > > Confirmed for FreeBSD 2.1.0-RELEASE, 2.2-960501-SNAP and
> > > 2.2-960601-SNAP. Haven't tried it with the 2.1.5 release stream yet.
Agreed, another confirmation that this exploit works on 2.1.0-RELEASE. I
temporarily fixed the problem by doing (this may be overboard, but I am
getting paranoid with all these BSD holes lately!) the following:
chflags noschg /usr/bin/rdist # must take off immutable flag!
chmod 000 /usr/bin/rdist # wipe all functionality from this prog
Looking forward to a source patch, for sure!
Andy
.............................................................................
. Andrew Edmond . Children of a future age, .
.. edmond_at_lycaeum.org ... Reading this indignant page, ..
... University of Wyoming ..... Know that in a former time, ...
.... Botany Department ....... A path to God was thought a crime. ....
....................... the Lycaeum .........................................
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzGauk0AAAEEANjORiZVrD98GS+vkJv+36CLC5Agifk8ra61i3i+Ms2115uK
9WoeUBA2J9QkjG+dM6tEOkPtrnZFkahFbOsDT0Rh46eBktdAp7IXY5M2zN4r1bWt
x6w4b//ffkfRbrTinovxXYLJa5oASudlQbNkVpqAOAH1fdTO3xFsi69/gtsxAAUR
tCJBbmRyZXcgRWRtb25kIDxlZG1vbmRAbHljYWV1bS5vcmc+tBBBbmRyZXcgTi4g
RWRtb25k
=l080
-----END PGP PUBLIC KEY BLOCK-----
Received on Jul 13 1996
Intro
