NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2001-06

From: Florian Weimer (Florian.WeimerRUS.Uni-Stuttgart.DE)
Date: Tue Jun 05 2001 - 17:02:56 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Roman Drahtmueller <drahtsuse.de> writes:

> We hope that this information is accurate. Version 4.0.2 is not on the ftp
> server any more, and there is no patch from 4.0.2 to 4.0.3.
> We currently feel handicapped in our efforts to check the code for the
> changes wrt the buffer overflow.

Fortunately, there are mirrors. The problem is that 4.0.2 discovered
the buffer overflow attempt, even logged it via syslog(), but failed
to actually truncate the string and copied the original one to a
buffer of bounded length.

However, I agree that removing the previous version and not providing
a diff is extremely counterproductive.

-- 
Florian Weimer 	                  Florian.WeimerRUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]