SECURITY FIX: fix buffer overflow reading queue file in lpd
For those running OpenBSD, especially as a gateway/firewall/NAT box, this is an important fix. I am running 2.9 with this patch added, and my snort logs tell me (judging from the number of attempts) that this exploit is a fairly commonly tried one. In November alone, there were at least 30 lpd overflow attempts on my machine. Granted, not most people have lpd open to the world, but I can imagine a few people might want to do remote printing from work, etc.
Dr. Felten, thanks for your time to answer our questions. We do appreciate it. :-)
First, when you started your research, did you ever expect that you would be at the forefront of a legal battle to keep academic speech free and protected? Do you ever have any misgivings about taking a high profile in this matter? I know there are some researchers (some of my colleagues included) who shy away from anything legal and would rather just do work that might not be as controversial. It's good to see you getting involved and making sure that our rights as academics are preserved.
Secondly, what has it been like working with the EFF? I have a great deal of respect for them and have been a member for a couple of years now. I am just curious as to the 'behind-the-scenes' process that you and the EFF lawyers have been pursuing as this case pans out.
I don't know if it's worth bringing back, since its output will be NTSC and you'll need a multiformat TV or some other piece of hardware that converts the NTSC signal to PAL.