Bug 3041 - z-rejected: setiathome borked with buffer overflow
Status: CLOSED FIXED
Product: Security
Classification: Unclassified
Component: General / Other Security Issue
Version: unspecified
Hardware: Other other
Importance: P2 normal
Assigned To: SM Security List
Reported: 2003-04-07 02:15 UTC by Seth Woolley
Modified: 2003-10-19 23:16 UTC
Description Seth Woolley 2003-04-07 02:15:33 UTC
http://slashdot.org/comments.pl?sid=59820&cid=5673436
http://setiathome.berkeley.edu/version308.html

I was going to update it, but I don't use this and wouldn't know how to test it
as the version we have is 3.03 and this is 3.08 (don't know if there are any
special differences).

The first url above has links to slowlaris and linhooks versions.  The spell
also seemed to want i386 version, and the link above is i686, are we just
defaulting to 386 (awfully slow...)?
Comment 1 Jose Bernardo Silva 2003-04-07 03:55:06 UTC
Well, yesterday after the /. announcement, the linux version was still 3.03, and
the bug doesn't seem to be critical, but if you can find the new version for
linux, go ahead and update it.
Comment 2 Jose Bernardo Silva 2003-04-07 04:20:15 UTC
Anyway, it's simple to test the new version, you just need to run the installed
executable, I'll download it today if it is already available and I'll test it.
Comment 3 Seth Woolley 2003-04-08 16:42:05 UTC
I searched around...

      686)          ARK=i686-pc-linux-gnu     ;
            PREPARE_MD5=01d05178bd22c36b2e411dd12f23661a  ;;


that's the only one available (for PREPARE script)

Obviously this isn't serious otherwise they would release versions that would
work on our system.  Since this isn't statically-built I don't even know if it
will work, and we leave out all the 386 people, sparc, and ppc.  I'd say not to
update until they actually release more versions, else we'll break half the
installs, at very minimum a 386 version.  Perhaps a SECURITY file would be a
good addition instead notifying people if they try to cast it? that something's
up and the setiathome people are slow to rebuild stuff?
Comment 4 Jose Bernardo Silva 2003-04-09 05:03:47 UTC
Do we have support for a SECURITY file? Time to re-check the wiki... :)
Comment 5 Seth Woolley 2003-06-02 05:27:59 UTC
the versions in our prepare are still the most up-to-date.  I'm going to close
this out -- reopen if they ever decide to update to 3.08 for sparc and ppc --
maybe they aren't exploitable on those archs?
Comment 6 games 2003-10-19 23:16:02 UTC
if any of these still have issues outstanding then they can be reopened, but
most have just been overlooked/forgotten
("these" refers to the 611 fixed but not closed bugs I just found in our database)