Bugtraq mailing list archives
Re: identd hole?
From: bugtraq () lefty novasys com (Bugtraq Archiver)
Date: Tue, 16 Jul 1996 03:38:50 GMT
Aleph-1 mentioned that it might be a sendmail overrun bug if the connections were to HIS ident port, but they were not. All the same, this bug is also news to me (I'm fairly new to bugtraq) and I can only assume that this also has been used in the past(?). MY current sendmail on *all* of my machines is 8.7.5, but I'm willing to bet that there are already hacks to that one as well.
It's possible that it's an atoi() (or more properly strtol()) bug. Most people run identd as root; this means that if someone happens to overflow a buffer (which is easily done with atoi()) then you can write on the stack and execute things as root (there may have been so many connections because his exploit was guessing the proper stack offset). I am not certain this is what was done either; it's just a guess with the information provided.
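The reply above guesses at a number-parsing overflow in an identd running as root. The following C example is added here and is not from the original post or from any identd source: it parses an ident request line ("server-port , client-port", the RFC 1413 form) with the length checked before the copy and every strtol() result range-checked. The function names and the 64-byte line cap are assumptions of this example.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define IDENT_LINE_MAX 64   /* assumed cap; a valid request is far shorter */

/* Parse one decimal port in 1..65535 and advance *p past it and any
 * surrounding blanks. Returns 0 on success, -1 on reject. */
static int parse_port(const char **p, unsigned *out)
{
    char *end;
    long v;

    while (**p == ' ' || **p == '\t') (*p)++;
    if (**p < '0' || **p > '9') return -1;   /* no sign, no empty field */
    errno = 0;
    v = strtol(*p, &end, 10);
    if (errno == ERANGE || v < 1 || v > 65535) return -1;
    *out = (unsigned)v;
    *p = end;
    while (**p == ' ' || **p == '\t') (*p)++;
    return 0;
}

/* Parse "<server-port> , <client-port>" from len bytes read off the socket.
 * buf need not be NUL-terminated. Returns 0 on success, -1 on reject. */
int parse_ident_request(const char *buf, size_t len,
                        unsigned *sport, unsigned *cport)
{
    char line[IDENT_LINE_MAX + 1];
    const char *p = line;
    const char *eol = memchr(buf, '\n', len);
    size_t n;

    if (eol == NULL) return -1;              /* no end of line in the data */
    n = (size_t)(eol - buf);
    if (n > IDENT_LINE_MAX) return -1;       /* bound checked before the copy */
    memcpy(line, buf, n);
    if (n > 0 && line[n - 1] == '\r') n--;   /* accept CRLF or bare LF */
    line[n] = '\0';
    if (memchr(line, '\0', n) != NULL) return -1;   /* embedded NUL */

    if (parse_port(&p, sport) != 0 || *p != ',') return -1;
    p++;
    if (parse_port(&p, cport) != 0 || *p != '\0') return -1;
    return 0;
}
```

Rejecting malformed input before any lookup, and running the daemon as an unprivileged user where the platform allows it, limits what a parsing bug of the kind guessed at above could reach.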