Re: Slrnpull Buffer Overflow (-d parameter): msg#00420 security.bugtraq
Alex Hernandez (alex_hernandez@xxxxxxxxxx) said:
> Linux RH.6.2 Sparc64 and below versions.

On Red Hat Linux 6.2 for sparc:

# ls -l /usr/bin/slrnpull
-rwxr-s--- 1 news news 48688 Feb 7 2000 /usr/bin/slrnpull
# rpm -q slrn-pull
slrn-pull-0.9.6.2-4

With all updates applied:

# ls -l /usr/bin/slrnpull
-rwxr-s--- 1 root news 55456 Mar 1 2001 /usr/bin/slrnpull
# rpm -q slrn-pull
slrn-pull-0.9.6.4-0.6

Hence, while you may be able to get group news, the program is only runnable by group news. So, I don't think there are any security implications here.

Bill
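Added example, not part of the original post: a small Python check that reads `ls -l` lines like the two quoted above and reports which permission classes can execute a setuid/setgid file, and whether users outside the owner and group can reach it. The function name `exposure` and the third sample line are constructed for illustration; whether the file's owner is already a member of the file's group cannot be read from `ls -l` output and is not evaluated.

```python
# Added example: who can execute a setuid/setgid binary, judged from `ls -l` output.

def exposure(ls_line):
    """Parse one `ls -l` line for a regular file and classify its exec bits."""
    fields = ls_line.split()
    mode, owner, group, path = fields[0], fields[2], fields[3], fields[-1]
    if len(mode) < 10 or mode[0] != "-":
        raise ValueError("not a regular-file ls -l line: %r" % ls_line)

    # Lowercase s/t means the special bit AND execute are set;
    # uppercase S/T means the special bit is set WITHOUT execute.
    owner_x = mode[3] in "xs"
    group_x = mode[6] in "xs"
    other_x = mode[9] in "xt"
    setuid = mode[3] in "sS"
    setgid = mode[6] in "sS"

    classes = (("owner", owner_x), ("group", group_x), ("other", other_x))
    return {
        "path": path,
        "owner": owner,
        "group": group,
        "setuid": setuid,
        "setgid": setgid,
        "executable_by": [name for name, ok in classes if ok],
        # True when any local user outside owner/group can run the
        # privileged code and pick up the file's uid or gid.
        "world_reachable": (setuid or setgid) and other_x,
    }

SAMPLES = [
    # The two listings quoted in the message above.
    "-rwxr-s--- 1 news news 48688 Feb 7 2000 /usr/bin/slrnpull",
    "-rwxr-s--- 1 root news 55456 Mar 1 2001 /usr/bin/slrnpull",
    # Constructed contrast case: same setgid bit, but world-executable.
    "-rwxr-sr-x 1 root news 55456 Mar 1 2001 /tmp/constructed-example",
]

if __name__ == "__main__":
    for line in SAMPLES:
        r = exposure(line)
        print("%-28s setgid=%s exec=%s world_reachable=%s" % (
            r["path"], r["setgid"], ",".join(r["executable_by"]),
            r["world_reachable"]))
```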