bin/80661: [patch] [SECURITY] Missing NULL termination after
strncpy() in rlogin(1)
Simon L. Nielsen
simon at FreeBSD.org
Sun May 29 08:45:31 PDT 2005
Synopsis: [patch] [SECURITY] Missing NULL termination after strncpy() in rlogin(1)
State-Changed-From-To: open->feedback
State-Changed-By: simon
State-Changed-When: Sun May 29 15:33:56 GMT 2005
State-Changed-Why:
We (the Security Team) can't find anywhere in the code-path where this
bug where this could lead to a situation that could be exploited as a
security vulnerability. You could crash rlogin, but not in a way
which would cause it to execute arbitrary cod as root. Have you found
any explicit place this bug could be exploited?
In any case, I have committed the patch to RELENG_4 since not NUL
terminating the buffer is certainly a bug, even it's not a security
bug.
Thanks for the report. I'm keeping the PR open in feedback state for
now, since I would like to hear comments from Przemyslaw Frasunek
before totally closing this issue.
Responsible-Changed-From-To: freebsd-bugs->simon
Responsible-Changed-By: simon
Responsible-Changed-When: Sun May 29 15:33:56 GMT 2005
Responsible-Changed-Why:
I will handle followups.
http://www.freebsd.org/cgi/query-pr.cgi?pr=80661
More information about the freebsd-bugs
mailing list