Vulnerability Development mailing list archives
Re: procmail again
From: Valdis.Kletnieks () vt edu
Date: Sun, 19 Oct 2003 02:49:13 -0400
On Sat, 18 Oct 2003 22:34:14 PDT, ned said:
libd.so.1 is the sharefuzz getenv() hooker which just returns big buffers. i no longer have a redhat 7.1 machine and that information is little over 12 months old therefore someone with a rh 7.1 system please send in your
Oh.. getenv hooker. Hmm.. Might be fixed by: 2001/06/28: v3.20 Changes to procmail: (....) - Drop duplicate and malformed environment entries but trying to develop anything out of it will be quite the challenge - you'll need to find a procmail 3.14 running on a box that doesn't leak like swiss cheese through other holes - I'd not trust *anything* on an unpatched RH7.1 that's on a public net. I mean, how do you know some hacker hasn't nailed libc.so with some code that does: if (!geteuid() && !strcmp(argv[0],"procmail")) {..... to re-insert a backdoor into the system? If your research box is very old and/or unpatched, and isn't in a strictly controlled lab environment, trying to research can be interesting because you can't be sure you aren't tripping over somebody else's rootkit.. ;) (What? You wanted more profound insight at 2:45AM? ;)
Attachment:
_bin
Description:
Current thread:
- procmail again ned (Oct 18)
- Re: procmail again Valdis . Kletnieks (Oct 18)
- Re: procmail again ned (Oct 19)
- Re: procmail again Valdis . Kletnieks (Oct 19)
- Re: procmail again ned (Oct 19)
- Re: procmail again Valdis . Kletnieks (Oct 18)