Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: Exploitable buffer overflow in bootpd (most unices)Chris Evans (chrisFERRET.LMH.OX.AC.UK)
Sun, 13 Dec 1998 12:42:21 +0000
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Alan Cox: "Triteal release updated CDE with security fixes"
- Previous message: mnemonix: "Microsoft's Network Monitor - Buffer Overrun / Page Fault /"
- In reply to: Willem Pinckaers: "Exploitable buffer overflow in bootpd (most unices)"
On Wed, 25 Jun 1997, Willem Pinckaers wrote: > We don't know of any unix system that is NOT vulnerable to this problem. > Exploit code was tested against linux systems running debian 2.0 (glibc), and > debian 1.3, both running bootpd 2.4.3. This is old news. I spotted the problem several months ago. For a non-vulnerable UNIX system try Redhat-5.2. Regardless, RedHat don't enable bootpd by default (dhcp is used). Oh, I think OpenBSD fixed this too. One of the few vendors who actually take note when you explain there is a security bug. Chris