|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: evil statd function
From: Chris Evans (chris
ferret.lmh.ox.ac.uk)Date: Thu Jun 29 2000 - 12:58:15 CDT
- Next message: lamonticopyright.com: "Re: evil statd function"
- Previous message: lamonticopyright.com: "evil statd function"
- In reply to: lamonticopyright.com: "evil statd function"
- Next in thread: lamonticopyright.com: "Re: evil statd function"
- Reply: Chris Evans: "Re: evil statd function"
- Reply: lamonticopyright.com: "Re: evil statd function"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 29 Jun 2000 lamonticopyright.com wrote:
> grepping through the redhat sources for nfs-utils-0.1.6 i found this:
>
> /*
> * Write the _msgout function
> */
[snip syslog abuse]
Well spotted. It's already been independently spotted by both myself and
Jeff Uphoff. The nfs-utils case will be fixed by Jeff I hope.
More seriously, perhaps.... an identical flaw exists in glibc rpcgen. I've
informed the glibc maintainers, and it'll get fixed. I wonder what glibc
rpcgen is used to generate code for. Internal bits of glibc rpc
code? (ouch). Vulnerabilities in portmap? mountd?
Comments requested..
Chris
- Next message: lamonticopyright.com: "Re: evil statd function"
- Previous message: lamonticopyright.com: "evil statd function"
- In reply to: lamonticopyright.com: "evil statd function"
- Next in thread: lamonticopyright.com: "Re: evil statd function"
- Reply: Chris Evans: "Re: evil statd function"
- Reply: lamonticopyright.com: "Re: evil statd function"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]