[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] NetBSD Security Advisory 2003-011: off-by-oneerror in realpath(3)

To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] NetBSD Security Advisory 2003-011: off-by-oneerror in realpath(3)
From: "NetBSD Security Officer" <security-officer@NetBSD.org>
Date: Mon, 4 Aug 2003 11:17:38 -0700
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.0.6336.0">
<TITLE>[Full-Disclosure] NetBSD Security Advisory 2003-011: off-by-one error in realpath(3)</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<BR>
<BR>

<P><FONT SIZE=2>-----BEGIN PGP SIGNED MESSAGE-----<BR>
<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NetBSD Security Advisory 2003-011<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =================================<BR>
<BR>
Topic:&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; off-by-one error in realpath(3)<BR>
<BR>
Version:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NetBSD-current: source prior to August 4, 2003<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NetBSD 1.6.1:&nbsp;&nbsp; affected<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NetBSD 1.6:&nbsp;&nbsp;&nbsp;&nbsp; affected<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NetBSD-1.5.3:&nbsp;&nbsp; affected<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NetBSD-1.5.2:&nbsp;&nbsp; affected<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NetBSD-1.5.1:&nbsp;&nbsp; affected<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NetBSD-1.5:&nbsp;&nbsp;&nbsp;&nbsp; affected<BR>
<BR>
Severity:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Possible remote buffer overrun/root compromise<BR>
<BR>
Fixed:&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NetBSD-current: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; August 4, 2003<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NetBSD-1.6 branch:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; August 5, 2003 (1.6.2 will include the fix)<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NetBSD-1.5 branch:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Awaiting pullups<BR>
<BR>
<BR>
Abstract<BR>
========<BR>
<BR>
In the library function realpath(3), there was a string manipulation<BR>
mistake which could lead to 1-byte buffer overrun.&nbsp; realpath(3) is<BR>
being used by important network daemons such as ftpd(8),<BR>
therefore the vulnerability could be remotely exploitable.<BR>
<BR>
Note: The same error remained in a derived function in the distribution<BR>
of the wu-ftpd server (Not part of NetBSD's base system). This<BR>
information has been available to the general public for a matter of<BR>
days now. Exploits have been released against wu-ftpd. They are probably<BR>
being written against other affected services as well. If you offer any<BR>
of the affected services, you are advised to patch your system<BR>
immediately.<BR>
<BR>
<BR>
Technical Details<BR>
=================<BR>
<BR>
<A HREF="http://www.kb.cert.org/vuls/id/743092";>http://www.kb.cert.org/vuls/id/743092</A><BR>
<BR>
Binaries in the NetBSD base system which use realpath(3) include:<BR>
<BR>
/bin/systrace<BR>
/usr/libexec/ftpd (*)<BR>
/sbin/mount<BR>
/sbin/umount<BR>
/usr/sbin/mountd (*)<BR>
/usr/bin/ssh<BR>
/usr/sbin/sshd (*)<BR>
/usr/libexec/sftp-server (*)<BR>
/usr/sbin/bootpd (*)<BR>
<BR>
Binaries marked (*) listen on network interfaces, and could be remotely<BR>
exploitable.<BR>
<BR>
<BR>
Solutions and Workarounds<BR>
=========================<BR>
<BR>
To fix this vulnerability you will need to upgrade your libc.<BR>
<BR>
The following instructions describe how to upgrade your libc<BR>
binaries by updating your source tree and rebuilding and<BR>
installing a new version of libc.<BR>
<BR>
Note that all statically-linked binaries, such as the following, must be<BR>
rebuilt:<BR>
- - binaries under /sbin and /bin for 1.5 and 1.6-based systems<BR>
- - binaries under /rescue for NetBSD-current systems<BR>
- - statically-linked binaries built by pkgsrc<BR>
<BR>
Also, running instances of daemons must be restarted, if you do not plan<BR>
to reboot the machine after the update of libc.<BR>
<BR>
<BR>
* NetBSD-current:<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Systems running NetBSD-current dated from before 2003-08-03<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; should be upgraded to NetBSD-current dated 2003-08-04 or later.<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The following directories need to be updated from the<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; netbsd-current CVS branch (aka HEAD):<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; lib/libc<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; To update from CVS, re-build, and re-install libc and rescue:<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd src<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cvs update -d -P lib/libc<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd lib/libc<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no cleandir dependall<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no install<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd ../../rescue<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no cleandir dependall<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no install<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (then, reboot, or restart affected daemons)<BR>
<BR>
* NetBSD 1.6, 1.6.1:<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The binary distributions of NetBSD 1.6 and 1.6.1 are vulnerable.<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Systems running NetBSD 1.6 sources dated from before<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2003-08-04 should be upgraded from NetBSD 1.6 sources dated<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2003-08-05 or later.<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; NetBSD 1.6.2 will include the fix.<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The following directories need to be updated from the<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; netbsd-1-6 CVS branch:<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; lib/libc<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; To update from CVS, re-build, and re-install libc and static<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; binaries:<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd src<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cvs update -d -P -r netbsd-1-6 lib/libc<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd lib/libc<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no cleandir dependall<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no install<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd ../../sbin<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no cleandir dependall<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no install<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd ../bin<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no cleandir dependall<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no install<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (then, reboot, or restart affected daemons)<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Alternatively, apply the following patch (with potential offset<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; differences):<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <A HREF="ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.patch";>ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.patch</A><BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; To patch, re-build and re-install libc, and static binaries:<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd src<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # patch &lt; /path/to/SA2003-011-realpath.patch<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd lib/libc<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no cleandir dependall<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no install<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd ../../sbin<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no cleandir dependall<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no install<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd ../bin<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no cleandir dependall<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no install<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (then, reboot, or restart affected daemons)<BR>
<BR>
* NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; The binary distributions of NetBSD 1.5, 1.5.1, 1.5.2, and 1.5.3<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; are vulnerable.<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Changes have not yet been pulled up to the 1.5 source branch.<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Apply the following patch (with potential offset differences):<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <A HREF="ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.patch";>ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.patch</A><BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; To patch, re-build and re-install libc, and static binaries:<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd src<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # patch &lt; /path/to/SA2003-011-realpath.patch<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd lib/libc<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no cleandir dependall<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no install<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd ../../sbin<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no cleandir dependall<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no install<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # cd ../bin<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no cleandir dependall<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; # make USETOOLS=no install<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (then, reboot, or restart affected daemons)<BR>
<BR>
<BR>
Thanks To<BR>
=========<BR>
<BR>
CERT<BR>
<BR>
<BR>
Revision History<BR>
================<BR>
<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2003-08-04&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Initial release<BR>
<BR>
<BR>
More Information<BR>
================<BR>
<BR>
Advisories may be updated as new information becomes available.<BR>
The most recent version of this advisory (PGP signed) can be found at<BR>
&nbsp; <A HREF="ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc";>ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc</A><BR>
<BR>
Information about NetBSD and NetBSD security can be found at<BR>
<A HREF="http://www.NetBSD.org/";>http://www.NetBSD.org/</A> and <A HREF="http://www.NetBSD.org/Security/";>http://www.NetBSD.org/Security/</A>.<BR>
<BR>
<BR>
Copyright 2003, The NetBSD Foundation, Inc.&nbsp; All Rights Reserved.<BR>
Redistribution permitted only in full, unmodified form.<BR>
<BR>
$NetBSD: NetBSD-SA2003-011.txt,v 1.7 2003/08/04 16:02:47 david Exp $<BR>
<BR>
-----BEGIN PGP SIGNATURE-----<BR>
Version: GnuPG v1.0.6 (NetBSD)<BR>
Comment: For info see <A HREF="http://www.gnupg.org";>http://www.gnupg.org</A><BR>
<BR>
iQCVAwUBPy6EcD5Ru2/4N2IFAQGJfgP9HXf/mfaGmp9y22PlfA+mxlTiTfb/9N8H<BR>
ovrKNKiETzFTSr1Ni/l4pqNrkYDRqyP1J4VnS/6wv1ewDYmIzXW1c98gM7+m792l<BR>
rgZSkaDWxLyPRUhQ8N3BLJKMHvMRdNWPuYwyL76QMVVVFmUo8vSlcH8PRNJrjD8K<BR>
FIhI6NQ3/+Q=<BR>
=do/K<BR>
-----END PGP SIGNATURE-----<BR>
<BR>
<BR>
_______________________________________________<BR>
Full-Disclosure - We believe in it.<BR>
Charter: <A HREF="http://lists.netsys.com/full-disclosure-charter.html";>http://lists.netsys.com/full-disclosure-charter.html</A><BR>
<BR>
</FONT>
</P>

</BODY>
</HTML>
Prev by Date: Re: [Full-Disclosure] Re: Reacting to a server compromise
Next by Date: +++++SPAM+++++ [Full-Disclosure] RPC DCOM + Kungfoo
Prev by thread: Re: [Full-Disclosure] Re: Reacting to a server compromise
Next by thread: +++++SPAM+++++ [Full-Disclosure] RPC DCOM + Kungfoo
Index(es):
- Date
- Thread