Bugtraq mailing list archives

Re: identd hole?


From: bugtraq () lefty novasys com (Bugtraq Archiver)
Date: Tue, 16 Jul 1996 03:38:50 GMT


Aleph-1 mentioned that it might be a sendmail overrun bug if the connections
were to HIS ident port but they were not. All the same this bug is also news
to me (I'm fairly new to bugtraq) and I can only assume that this also has
been used in the past(?). My current sendmail on *all* of my machines is
8.7.5 but I'm willing to bet that there are already hacks to that one as
well.

It's possible that it's an atoi() (or more properly strtol()) bug..  Most
people run identd as root, this means that if someone happens to overflow
a buffer (which is easily done with atoi()) then you can write on the
stack and execute things as root (there may have been so many connections
because his exploit was guessing the proper stack offset)..  I am not certain
this is what was done either, it's just a guess with the information provided..
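The defensive counterpart to the failure mode speculated about above (a root-privileged identd trusting the numeric fields of a client request) is to bound the request line and range-check the ports before anything else happens. The following is an added example written for this archive page, not code from the original poster or from any identd implementation; the function names `parse_port`, `parse_ident_request` and `ident_ports_equal`, and the 64-byte line limit, are assumptions chosen for the example. It parses the RFC 1413 request form "server-port , client-port" with strtol, refuses oversized lines rather than truncating them, and rejects signs, overflow, out-of-range values and trailing garbage.

```c
/* Added example: bounds-checked parsing of an RFC 1413 ident request line.
 * Hypothetical helper names; not code from the original post or any identd. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* RFC 1413 allows request lines up to 1000 octets, but two ports and a comma
 * never need more than a few bytes; anything longer is refused outright. */
#define IDENT_MAX_LINE 64

/* Parse one decimal TCP port with strtol.
 * Rejects empty fields, signs, non-digits, overflow and values outside 1..65535.
 * On success stores the port in *out, advances *endp past the digits, returns 0. */
static int parse_port(const char *s, const char **endp, int *out)
{
    char *end;
    long v;

    while (isspace((unsigned char)*s)) s++;
    if (!isdigit((unsigned char)*s)) return -1;   /* no '+'/'-', no empty field */
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE || end == s) return -1;   /* overflow or nothing parsed */
    if (v < 1 || v > 65535) return -1;            /* not a valid TCP port */
    *endp = end;
    *out = (int)v;
    return 0;
}

/* Parse a complete request "sport , cport" (optional trailing CR/LF).
 * The line is copied into a fixed buffer only after its length is checked, so an
 * oversized line can never run past the buffer. Returns 0 on success, -1 otherwise. */
int parse_ident_request(const char *line, size_t len, int *sport, int *cport)
{
    char buf[IDENT_MAX_LINE];
    const char *p;
    int a, b;

    if (len >= sizeof buf) return -1;             /* too long: refuse, don't truncate */
    memcpy(buf, line, len);
    buf[len] = '\0';

    if (parse_port(buf, &p, &a) != 0) return -1;
    while (isspace((unsigned char)*p)) p++;
    if (*p != ',') return -1;                     /* separator is mandatory */
    p++;
    if (parse_port(p, &p, &b) != 0) return -1;
    while (isspace((unsigned char)*p)) p++;       /* isspace() also eats "\r\n" */
    if (*p != '\0') return -1;                    /* trailing garbage */

    *sport = a;
    *cport = b;
    return 0;
}

/* Convenience check: 1 if the NUL-terminated line parses to exactly (want_s, want_c),
 * 0 if it is rejected or yields different ports. */
int ident_ports_equal(const char *line, int want_s, int want_c)
{
    int s, c;
    if (parse_ident_request(line, strlen(line), &s, &c) != 0) return 0;
    return s == want_s && c == want_c;
}

int main(void)
{
    /* Constructed sample requests, including malformed ones a server must reject. */
    const char *samples[] = {
        "6191, 23\r\n",          /* valid */
        "99999, 23\r\n",         /* port out of range */
        "-1, 23\r\n",            /* negative sign */
        "23\r\n",                /* missing second field */
        "6191, 23 trailing\r\n", /* garbage after the ports */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int s, c;
        if (parse_ident_request(samples[i], strlen(samples[i]), &s, &c) == 0)
            printf("accepted: server port %d, client port %d\n", s, c);
        else
            printf("rejected: %s", samples[i]);
    }
    return 0;
}
```

The design point is that the length check happens before the copy and the range check happens before the value is used; a daemon that still has to run as root for historical reasons gains nothing from strtol over atoi unless both checks are in place.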
