Xref: utzoo comp.protocols.tcp-ip:5184 comp.unix.wizards:12175
Path: utzoo!utgpu!attcan!uunet!husc6!bloom-beacon!apple!bionet!agate!ucbvax!decwrl!labrea!glacier!jbn
From: jbn@glacier.STANFORD.EDU (John B. Nagle)
Newsgroups: comp.protocols.tcp-ip,comp.unix.wizards
Subject: Re: a holiday gift from Robert "wormer" Morris
Message-ID: <17820@glacier.STANFORD.EDU>
Date: 7 Nov 88 02:27:19 GMT
References: <1698@cadre.dsl.PITTSBURGH.EDU> <2060@spdcc.COM> <24@jove.dec.com>
Reply-To: jbn@glacier.UUCP (John B. Nagle)
Distribution: na
Organization: Stanford University
Lines: 9

In article <24@jove.dec.com> vixie@decwrl.dec.com (Paul Vixie) writes:
>The bug in fingerd was a big surprise, though.  Overwriting a stack frame
>on a remote machine with executable code is One Very Neat Trick.

       Yes.  But not all that uncommon, given classical C's rather casual 
approach to array sizing.  "login" in V6 UNIX could be broken by submitting 
very long, suitably constructed passwords.

					John Nagle