[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Is a realpath patch planned for 3.1?

To: bugs_(_at_)_openbsd_(_dot_)_org
Subject: Is a realpath patch planned for 3.1?
From: Victor Serbe <vserbe_(_at_)_tcs-sec_(_dot_)_com>
Date: Tue, 12 Aug 2003 14:32:55 -0400

Noting:
001: SECURITY FIX: August 4, 2003
An off-by-one error exists in the C library function realpath(3). Since this
same bug resulted in a root compromise in the wu-ftpd ftp server it is
possible that this bug may allow an attacker to gain escalated privileges on
OpenBSD.

Question:
I notice you have realpath patches for 3.2 and 3.3, is one
for 3.1 planned?  I have ben looking around the web site
for some sort of maintenance policy, but haven't found
one yet.

Thanks!

--
Vic Serbe
Trusted Computer Solutions, Inc.
Urbana, IL Office (217) 384-0028 x14
http://www.tcs-sec.com/

Prev by Date: problem with wget with pkg_add
Next by Date: Re: problem with wget with pkg_add
Previous by thread: Re: problem with wget with pkg_add
Next by thread: Re: Is a realpath patch planned for 3.1?
Index(es):
- Date
- Thread

Visit your host, monkey.org