On Fri, Jan 19, 2001 at 08:30:01PM +0100, Pierre Beyssac wrote:
> On Fri, Jan 19, 2001 at 06:52:27PM +0100, Paul Starzetz wrote:
> > The buffer overflowed is a 80 byte static local buffer:
> >     static char buf[80];
> 
> It is patched by default in FreeBSD's package collection. Here's
> the patch below (author: [EMAIL PROTECTED]).

Actually, the patch was mine :-)

----------------------------
revision 1.1
date: 2000/03/05 05:30:54;  author: kris;  state: Exp;
This is a setuid root binary. sprintf()s of DNS hostnames into undersized
buffers are bad. Fix this. It should also drop privileges for extra
safety, but doesn't.
=============================================================================

Kris

-- 
NOTE: To fetch an updated copy of my GPG key which has not expired,
finger [EMAIL PROTECTED]

PGP signature

Reply via email to