Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: FreeBSD Security Advisory: SA-96:21 - talkd

Re: FreeBSD Security Advisory: SA-96:21 - talkd

From: Theo de Raadt <deraadt_at_theos.com>
Date: Mon, 20 Jan 1997 18:02:39 -0700

> Topic: unauthorized access via buffer overrun in talkd
>
> Category: core
> Module: talkd
> Announced: 1997-01-18
> Affects: 1.0, 1.1, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1
> Corrected: 2.2-current as of 1997-01-18
> 2.1-stable as of 1197-01-18
> FreeBSD only: no
>
> Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:21/
> References: AUSCERT AA-97.01 (Australian CERT organization),
> SEI CERT VU#5942 (internal tracking reference only)
>
> =============================================================================
>
> I. Background
>
> Buffer overrun (aka stack overflow) exploits in system
> supplied and locally installed utilities are commonly
> used by individuals wishing to obtain unauthorized access to
> computer systems. The FreeBSD team has been reviewing and
> fixing the source code pool to eliminate potential exploits
> based on this technique.
>
> Recently, the Australian CERT organization received information
> of a buffer-overrun vulnerability in the talkd daemon shipped in
> most modern BSD based systems.

For the record... OpenBSD 2.0 shipped with this bug fixed, too.
Received on Jan 20 1997

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]