netbsd-help: Re: amd buffer overflow attack

Subject: Re: amd buffer overflow attack
To: Manuel Bouyer <bouyer@antioche.lip6.fr>
From: Zdenek Salvet <salvet@ics.muni.cz>
List: netbsd-help
Date: 11/22/1999 17:07:51

> On Thu, Nov 18, 1999 at 09:15:37AM -0600, Ruibiao Qiu wrote:
> > Hi, all
> > 
> > Checking out the following URL:
> > 	http://www.cert.org/advisories/CA-99-12-amd.html
> > I wonder if NetBSD is vulnerable to this attack.  OpenBSD is not,
> > but FreeBSD needs a patch for this.
> 
> NetBSD was. 1.4.1 is vulnerable, you need to upgrade to the -release branch
> or a recent -current (I don't remenber the exact date of the fix - a month or
> two).

IMNSHO, vsprintf call in xutil.c:real_plog() should be converted
to vsnprintf(ptr,1024,efmt, vargs); otherwise similar new vulnerabilities
can occur easily.

-- 
Zdenek Salvet                                              salvet@ics.muni.cz 
Ustav vypocetni techniky Masarykovy univerzity, Brno
tel.: ++420-5-41 512 257                           Fax: ++420-5-41 212 747
----------------------------------------------------------------------------
         God isn't dead, He's just trying to avoid the draft.