[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RHSA-1999:017-01] Potential security problem in Red Hat 6.0 net-tools. (fwd)

To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: [RHSA-1999:017-01] Potential security problem in Red Hat 6.0 net-tools. (fwd)
From: David Wagner <daw@CS.BERKELEY.EDU>
Date: Sun, 11 Jul 1999 18:54:36 -0700

In article <m3iu8coudx.fsf@soma.andreas.org>,
Andreas Bogk  <andreas@ANDREAS.ORG> wrote:
> Raymond Dijkxhoorn <raymond@THRIJSWIJK.NL> writes:
>
> > 7. Problem description:
> >
> > Several potential buffer overruns have been corrected within the net-tools
> > package.
>
> Could someone from RedHat please identify the programs in
> question, their version numbers, the history of the code or something
> else which allows me to find out whether I'm affected or not?
>

I'm not from RedHat.  But maybe I can try to help a little, since I think I
was the one who reported these vulnerabilities.

I think the problem is present in nettools-1.52 and prior versions.  There
were a number of buffer overruns.  To see an example of one, try grepping for
strcpy in lib/inet.c; if you see something like ``strcpy(name, hp->h_name);''
you might have the vulnerable version; if you see lots of safe_strncpy()'s,
you probably have the safe version.  (I think.)

Maybe this is enough to get you started.

But please take this with a grain of salt.  I am an outsider.  For official
answers, you'd do better to ask RedHat or the code maintainers.

Credits: These buffer overruns were found with the help of an automated code
auditing tool which was developed in collaboration with Jeff Foster, Eric
Brewer, and Alex Aiken (also at Berkeley).

Prev by Date: Linux 2.0.37 segment limit bug
Next by Date: Re: your mail
Prev by thread: Linux 2.0.37 segment limit bug
Next by thread: Re: your mail
Index(es):
- Date
- Thread