Bugtraq
mailing list archives
Re: FreeBSD Security Advisory: SA-96:21 - talkd
From: deraadt () theos com (Theo de Raadt)
Date: Mon, 20 Jan 1997 18:02:39 -0700
Topic: unauthorized access via buffer overrun in talkd
Category: core
Module: talkd
Announced: 1997-01-18
Affects: 1.0, 1.1, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1
Corrected: 2.2-current as of 1997-01-18
2.1-stable as of 1197-01-18
FreeBSD only: no
Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:21/
References: AUSCERT AA-97.01 (Australian CERT organization),
SEI CERT VU#5942 (internal tracking reference only)
=============================================================================
I. Background
Buffer overrun (aka stack overflow) exploits in system
supplied and locally installed utilities are commonly
used by individuals wishing to obtain unauthorized access to
computer systems. The FreeBSD team has been reviewing and
fixing the source code pool to eliminate potential exploits
based on this technique.
Recently, the Australian CERT organization received information
of a buffer-overrun vulnerability in the talkd daemon shipped in
most modern BSD based systems.
For the record... OpenBSD 2.0 shipped with this bug fixed, too.