X-Message-Index: 055
X-Message-Prev: 057
X-Message-Next: 058
X-Thread-Prev: 052
X-Thread-Next: 053
From: fair@ucbarpa.Berkeley.EDU (Erik E. Fair)
To: phage
X-To: Edward Vielmetti <emv@starbarlounge.cc.umich.edu>, phage
Subject: Re: NNTP vulnerability
Date: Sat, 05 Nov 88 13:33:30 PST
X-Date: Sat 16:33:30 05/11/1988 EST

Phil Lapsley <phil@ucbarpa.berkeley.edu> wrote the daemon (nntpd),
and since he has been one of the people "on the point" during this
mess, I submit that he is ideally qualified to tell us about it.
However, let's give him a little respite, eh?

If you want to do the analysis yourself, it should be relatively easy
(and you should do it for ALL network daemons, not just NNTP): look
for places in the code where the programmer is reading data from the
network without checking the bounds on his/her input buffer.

	Erik E. Fair	ucbvax!fair	fair@ucbarpa.berkeley.edu