18th Mar 1999 [SBWID-80]
COMMAND
	    /usr/bin/doscmd
SYSTEMS AFFECTED
	    BSDI 3.1, FreeBSD
PROBLEM
	    kasper found the following: a buffer overflow in /usr/bin/doscmd
	    as distributed with BSDI 3.1.  For example:
	
	        finally:~ $ /usr/bin/doscmd `perl -e 'print "A" x 1015'`
	        Segmentation fault
	
	    doscmd is a setuid executable as well.  This was not "tested" on
	    anything other than 2 BSDI 3.1 (x86) machines.  Warner Losh
	    confirmed the same on FreeBSD.  On FreeBSD, where doscmd wasn't
	    built by default until quite recently, we have the same
	    behaviour.  There are several others that were hard to find/fix
	    and one can move the buffer overflow to a place later in the
	    program.  It appears that much work will need to be done to rid
	    this program of the buffer overflows from this one, simple
	    example.  The buffer overflows look like they could be
	    exploitable, at least in FreeBSD's version (core files that show
	    an illegal address of 0x41414141).
SOLUTION
	    Nothing yet.  Take the precaution of removing the setgid kmem  bit
	    from the installed binary until these issues can be resolved.
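
The precaution above as a small shell sketch; this is an added example, not part of the original advisory. The advisory mentions both a setuid and a setgid kmem bit, so the sketch reports and clears both; the function names has_setid and drop_setid are hypothetical.

```shell
#!/bin/sh
# Added example: report and clear the set-id bits on an installed binary,
# then verify the change took effect. Typical use, as root:
#     drop_setid /usr/bin/doscmd

# has_setid PATH -> prints "setuid", "setgid", "setuid setgid" or "none"
has_setid() {
    bits=""
    [ -u "$1" ] && bits="setuid"
    [ -g "$1" ] && bits="${bits:+$bits }setgid"
    printf '%s\n' "${bits:-none}"
}

# drop_setid PATH -> clears both bits; returns 0 only if both are gone,
# 1 if chmod failed or a bit survived, 2 if PATH is not a regular file.
drop_setid() {
    [ -f "$1" ] || { echo "not a regular file: $1" >&2; return 2; }
    before=$(has_setid "$1")
    chmod u-s,g-s "$1" || return 1
    after=$(has_setid "$1")
    # Log the transition so the change is recorded for later review.
    echo "$1: $before -> $after"
    [ "$after" = "none" ]
}
```

A package upgrade or reinstall can restore the original mode, so re-run has_setid after updates until a fixed binary is available.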
	
