|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: bootpd remote vulnerability
John McDonald (jmcdonal
UNF.EDU)Mon, 7 Dec 1998 09:43:42 -0500
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Mark Spencer: "Cheops"
- Previous message: Pavel Kankovsky: "Re: RSI.0012.12-03-98.SOLARIS.MKCOOKIE"
- In reply to: Crispin Cowan: "Re: bootpd remote vulnerability"
On Sat, 5 Dec 1998, Crispin Cowan wrote: > Is Linux not vulnerable for some systemic reason, or because the distributed > bootp doesn't have the vulnerability? > > Thanks, > Crispin I looked at Linux a while ago, so this is a somewhat vague memory. I believe I looked at a stable debian release (non-glibc), an older slackware version, freebsd 2.2.5, and freebsd 2.2.2. I apologize for my lack of memory. Anyway, I believe in all of these systems, the vulnerability was present, but it was not exploitable. The values in memory after the hwinfolist table were either too small to overwrite enough of the stack, or so large that they caused a seg fault. I remember there were some appropriate values in some cases, but they were over 255, and the value in memory that would correspond with their description was not a valid deferencable pointer. Thus, the warning that bootpd prints out would cause a bus error. horizon
- Next message: Mark Spencer: "Cheops"
- Previous message: Pavel Kankovsky: "Re: RSI.0012.12-03-98.SOLARIS.MKCOOKIE"
- In reply to: Crispin Cowan: "Re: bootpd remote vulnerability"