Vulnerability Development mailing list archives
Re: 2 dodgy network programs
From: gbayley () AUSMAC NET (Grant Bayley)
Date: Tue, 12 Oct 1999 00:24:02 +1000
Date: Sat, 9 Oct 1999 11:22:02 +0100 From: Antonomasia <ant () NOTATLA DEMON CO UK> Subject: 2 dodgy network programs I was just visiting http://www.echelon.wiretapped.net and downloaded a small file called "tcplog.c" with no author or version stated. It is for logging connections to your box (linux only). There are some minor coding gripes I could make, but line 107 takes a risk with the size of a hostname
Just for the purpose of noting the original source of the file (I operate the WireTapped site), this particular file came from: ftp://ftp.technotronic.com/unix/protocol-loggers/tcplog.c Short of actually removing the file, I've added this information and a cautionary note of the problem at line 107 to the file on wiretapped.net
Also I want to mention DeleGate-5.9.3 (at www.echelon.wiretapped.net and elsewhere, in versions for Linux, AIX etc). Luc Stepniewski <lstep () mail dotcom fr> drew attention to this in April 1999 for having very many string operations without bounds checking. Although I made it dump core
The home page for this is at: http://wall.etl.go.jp/delegate/ Having seen this posting, I've now updated the DeleGate file on WireTapped to 5.9.5, the current version: http://the.wiretapped.net/security/firewalls/delegate5.9.5.tar.gz Hope this adequately addresses the problems you've raised, Grant _______________________________________________________ Grant Bayley gbayley () ausmac net - IT Manager, Batey Kazoo (www.kazoo.com.au) - Administrator, The AusMac Archive (www.ausmac.net) - Webmaster/Organiser, 2600 Australia (www.2600.org.au) _______________________________________________________
Current thread:
- Re: 2 dodgy network programs Grant Bayley (Oct 11)