Full Disclosure mailing list archives
Fw: bug in uml_net
From: "GaLiaRePt" <galiarept () phreaker net>
Date: Fri, 23 May 2003 23:10:21 +0200
There is a vulnerability in uml_net. The latest version is vulnerable too.
The problem is the lack of bounds checking in uml_net.c from uml_utilities,
A possible attack could lead to root compromise on some systems since for
example uml_net comes suided root in RH 8.0 by default.
Suggested patch:
- if(v > CURRENT_VERSION){
+ if ((v > CURRENT_VERSION) || (v < 0)) {
Contact: ktha () hushmail com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Fw: bug in uml_net GaLiaRePt (May 24)
