Subject: Re: Format strings: bug #1: BSD-lpr
From: Kris Kennaway (kris FREEBSD.ORG)
Date: Tue Sep 26 2000 - 02:02:48 CDT
- In reply to: Chris Evans: "Format strings: bug #1: BSD-lpr"
- Next in thread: Sean Winn: "Re: Format strings: bug #1: BSD-lpr"
- Reply: Kris Kennaway: "Re: Format strings: bug #1: BSD-lpr"
On Tue, 26 Sep 2000, Chris Evans wrote:
> OpenBSD ship BSD-lpr. Not only have they already fixed this in their CVS,
> but they also offer web indexed CVS. They caught it independently as part
> of their "format strings" audit.
>
> http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/lpr/lpd/printjob.c?r1=1.19&r2=1.20
It seems FreeBSD fixed this one back in 1997:
http://www.FreeBSD.org/cgi/cvsweb.cgi/src/usr.sbin/lpr/lpd/printjob.c.diff?r1=1.17&r2=1.18
(I was worried for a second there when I didn't remember catching this one
in our recent audit sweep ;-)
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe alum.mit.edu>