Bugtraq mailing list archives

Re: security problems with jidentd


From: scru () TECHNOTRONIC COM (Scott Fuhrman)
Date: Fri, 11 Sep 1998 08:59:05 -0500


I believe this has been discussed before, but it wasn't given much attention.

At 08:23 PM 9/10/98 -0500, you wrote:
> Jidentd is linux-specific.  I do not know of any distributions that
> include jidentd, however there is a copy in the contrib area of
> RedHat's FTP site.  It is apparently popular among the irc crowd due
> to its ability to provide fake responses to queries.  It is believed
> that it often is run as root.  When run in standalone mode it provides
> no mechanism to drop privilege after binding its socket.

Another identd popular amongst irc patrons that falls into this category is
cidentd.  It offers the ability to fake responses via a user-defined
string, and the function that reads this string is vulnerable to buffer
overflows.  To my knowledge the program is not distributed with any Linux
distro, but it was (might be now) once recommended in the ircii-pana (BitchX)
documentation.
There is also a non-public exploit floating around for cidentd1.2b (I
believe) which will drop a local user into a root shell.  The program is
available somewhere on sunsite's labyrinth of an ftp server.


