[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: [RHSA-1999:017-01] Potential security problem in Red Hat 6.0
From:       David Wagner <daw () CS ! BERKELEY ! EDU>
Date:       1999-07-12 1:54:36
[Download RAW message or body]

In article <m3iu8coudx.fsf@soma.andreas.org>,
Andreas Bogk  <andreas@ANDREAS.ORG> wrote:
> Raymond Dijkxhoorn <raymond@THRIJSWIJK.NL> writes:
>
> > 7. Problem description:
> >
> > Several potential buffer overruns have been corrected within the net-tools
> > package.
>
> Could someone from RedHat please identify the programs in
> question, their version numbers, the history of the code or something
> else which allows me to find out whether I'm affected or not?
>

I'm not from RedHat.  But maybe I can try to help a little, since I think I
was the one who reported these vulnerabilities.

I think the problem is present in nettools-1.52 and prior versions.  There
were a number of buffer overruns.  To see an example of one, try grepping for
strcpy in lib/inet.c; if you see something like ``strcpy(name, hp->h_name);''
you might have the vulnerable version; if you see lots of safe_strncpy()'s,
you probably have the safe version.  (I think.)

Maybe this is enough to get you started.

But please take this with a grain of salt.  I am an outsider.  For official
answers, you'd do better to ask RedHat or the code maintainers.

Credits: These buffer overruns were found with the help of an automated code
auditing tool which was developed in collaboration with Jeff Foster, Eric
Brewer, and Alex Aiken (also at Berkeley).

[prev in list] [next in list] [prev in thread] [next in thread]