Re: CERT Advisory CA-97.23 - rdist

Simon Karpen (slk@GRACE.ACM.RPI.EDU)
Tue, 16 Sep 1997 23:48:21 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "Sun Security Bulletin #00154"
Previous message: Ian McKellar: "Java/JavaScript DoS"
Maybe in reply to: Aleph One: "CERT Advisory CA-97.23 - rdist"

On Tue, 16 Sep 1997, Perry E. Metzger wrote:

> > > CERT* Advisory CA-97.23
> > > Original issue date: September 16, 1997
> > > Last revised: --
> > >
> > > Topic: Buffer Overflow Problem in rdist
> >
> > OpenBSD does not have this problem. None of the versions of rdist
> > distributed are setuid or setgid.
>
> NetBSD no longer has suid versions of rdist either.

Neither Debian Linux 1.3.1 nor Redhat Linux 4.2 have setuid
versions of rdist either.

Simon Karpen
karpes@rpi.edu slk@acm.rpi.edu
"Fixing Unix is easier than living with NT."
--Larry McVoy

Next message: Aleph One: "Sun Security Bulletin #00154"
Previous message: Ian McKellar: "Java/JavaScript DoS"
Maybe in reply to: Aleph One: "CERT Advisory CA-97.23 - rdist"