|
|
ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #055 [Re: NNTP vulnerability] (1 message, 578 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/055.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
From: fair@ucbarpa.Berkeley.EDU (Erik E. Fair)
To: phage
Date: Sat 16:33:30 05/11/1988 EST
Subject: Re: NNTP vulnerability
References:
[Thread Prev: 052]
[Thread Next: 053]
[Message Prev: 057]
[Message Next: 058]
Phil Lapsley <phil@ucbarpa.berkeley.edu> wrote the daemon (nntpd), and since he has been one of the people "on the point" during this mess, I submit that he is ideally qualified to tell us about it. However, let's give him a little respite, eh? If you want to do the analysis yourself, it should be relatively easy (and you should do it for ALL network daemons, not just NNTP): look for places in the code where the programmer is reading data from the network without checking the bounds on his/her input buffer. Erik E. Fair ucbvax!fair fair@ucbarpa.berkeley.edu
END OF DOCUMENT
| ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved. |