[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Is a realpath patch planned for 3.1?
- To: bugs_(_at_)_openbsd_(_dot_)_org
- Subject: Is a realpath patch planned for 3.1?
- From: Victor Serbe <vserbe_(_at_)_tcs-sec_(_dot_)_com>
- Date: Tue, 12 Aug 2003 14:32:55 -0400
001: SECURITY FIX: August 4, 2003
An off-by-one error exists in the C library function realpath(3). Since this
same bug resulted in a root compromise in the wu-ftpd ftp server it is
possible that this bug may allow an attacker to gain escalated privileges on
I notice you have realpath patches for 3.2 and 3.3, is one
for 3.1 planned? I have ben looking around the web site
for some sort of maintenance policy, but haven't found
Trusted Computer Solutions, Inc.
Urbana, IL Office (217) 384-0028 x14
Visit your host, monkey.org