<<< Date Index >>> <<< Thread Index >>>

Re: *BSD banner INT overflow vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: *BSD banner INT overflow vulnerability
From: Steve Shockley <steve.shockley@xxxxxxxxxxxx>
Date: Wed, 22 Nov 2006 11:02:12 -0500
In-reply-to: <E1GmoEi-000GfC-00.dead-code-crew-mail-ru@xxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <E1GmoEi-000GfC-00.dead-code-crew-mail-ru@xxxxxxxxxxx>
User-agent: Thunderbird 3.0a1 (Windows/20061113)

Gruzicki Wlodek wrote:

 ( By default banner hasn't got set suid bit )

Why in the world would someone add a suid bit to banner? Maybe it's abug, but you had to work hard to turn it into a vulnerability.

Follow-Ups:
- Re: *BSD banner INT overflow vulnerability
  - From: admin

References:
- *BSD banner INT overflow vulnerability
  - From: Gruzicki Wlodek

Prev by Date: Secunia Research: PassGo SSO Plus Insecure Default Directory Permissions
Next by Date: Re: Clarifying integer overflows vs. signedness errors
Previous by thread: *BSD banner INT overflow vulnerability
Next by thread: Re: *BSD banner INT overflow vulnerability
Index(es):
- Date
- Thread