Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_1

Bugtraq archives for 1st quarter (Jan-Mar) 1998: Re: riptrace.c

Re: riptrace.c

Alfred Huger (ahugerSECURENETWORKS.COM)
Thu, 8 Jan 1998 17:06:15 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "Source for NEWTEAR.C"
Previous message: Hubert Feyrer: "Re: riptrace.c"
In reply to: Christopher Masto: "Re: riptrace.c"
Next in thread: Theo de Raadt: "Re: riptrace.c"

After a quick look and asking around a bit, I have a little more
information on which OS's appear to be vulnerable (and not vulnerable) to
this attack.

SunOS 5.5 / Appears not vulnerable
BSDI 2.1 / Appears not vulnerable
Slackware Linux 2.0.29 / Appears not vulnerable
IRIX 5.2-5.3-6.2 / Vulnerable
NetBSD 1.2 / Vulnerable
OpenBSD / Appears not vulnerable
FreeBSD 2.2.2 / Appears not vulnerable
Ultrix 4.3 / Appears vulnerable

This is by no means an exhaustive list, just what I had access to test
quickly (with the exception of Ultrix which was tested by someone else).
For what it is worth Theo Deraadt had this fixed in OpenBSD some time ago.
He also, if I heard him correctly, discovered and reported this bug to
someone at SGI years ago.

/****************************************************************************
Alfred Huger                                    http://www.secnet.com/ballista
Project Director                                ahugersecnet.com
Secure Networks Inc. (SNI)
*****************************************************************************/

Next message: Aleph One: "Source for NEWTEAR.C"
Previous message: Hubert Feyrer: "Re: riptrace.c"
In reply to: Christopher Masto: "Re: riptrace.c"
Next in thread: Theo de Raadt: "Re: riptrace.c"