Bugtraq mailing list archives

Re: SUMMARY: AntiFlash talkd


From: ganderson () clark net (Gary Anderson)
Date: Mon, 24 Apr 1995 19:33:08 -0400 (EDT)


On Mon, 24 Apr 1995, Richard Allen wrote:

Date: Mon, 24 Apr 1995 11:03:11 +0000 (GMT)
From: Richard Allen <ra () rhi hi is>
To: bugtraq () fc net
Subject: SUMMARY: AntiFlash talkd


I have received quite a lot of mail regarding my request for a talk daemon
that can remove those annoying flashes. Apparently this is a hot issue,
many people sent me Email saying that they were interested in this matter.


Here are the most interesting replies I have received so far.


[ SNIP ]


Shortly after I sent my request to bugtraq, I got an idea to look around
on my local Linux mirror and found "talkd+antiflash+hatemail.tar.gz"
which basically filters out flashes and then sends automatic 'hatemail' to
root () remote site

However, I ran into problems compiling it on our HP9000's, Linux
apparently has a '<protocols/talkd.h>' in its system includes.



Richard,
You might want to look at the following, regarding 
"talkd+antiflash+hatemail.tar.gz".  It appeared on this list not too long 
ago:


From elias@power.net Mon Apr 24 19:24:43 1995
Date: Mon, 13 Mar 1995 01:08:30 -0800 (PST)
From: Elias Levy <elias () power net>
Reply to: linux-security () tarsier cv nrao edu
To: linux-security () tarsier cv nrao edu
Subject: in.talkd+antiflash

This message appeared in bugtraq and it applies to linux
in.talkd with the antiflash patches found in sunsite.
(What was that Olaf said? ALERT? :) )

---------- Forwarded message ----------
Date: Sat, 11 Mar 1995 02:00:47 +1100
From: Julian Assange <proff () suburbia apana org au>
To: bugtraq () fc net
Subject: bsd in.talkd+antiflash remote-remote hole



line ~160 process.c

         if (hp != (struct hostent *)0) {
            char sys_buf[150];
            int child;
            caller_host=hp->h_name;
/*
            SECURITY BUG - Proff
            sprintf(sys_buf,"/etc/flash.mail %s",caller_host);
            system(sys_buf);
*/
         }
         else
           caller_host="unknown";

Modify your DNS hostfield to :

      ;any_command_you_want

Set a talk flash to the site running the in.talkd d, and guess what 
happens?

Cheers,
      Julian Assange -Proff-



__
********************************************************************************
    _/_/_/_/_/   _/_/_/_/_/   _/_/_/_/_/   _/   _/      |  Gary Anderson
   _/           _/      _/   _/      _/    _/  _/       |  ganderson () clark net
  _/  _/_/_/   _/_/_/_/_/   _/_/_/_/_/      _/_/        |  --------------------
 _/      _/   _/      _/   _/       _/       _/         |  finger me for my
_/_/_/_/_/   _/      _/   _/         _/     _/          |  pgp public key
********************************************************************************
Gerrold's Laws of Infernal Dynamics:
        (1) An object in motion will always be headed in the wrong
            direction.
        (2) An object at rest will always be in the wrong place.
        (3) The energy required to change either one of these states
            will always be more than you wish to expend, but never so
            much as to make the task totally impossible.
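
Added example, not part of the original messages or of the talkd+antiflash patch: the name returned by the reverse lookup (`hp->h_name`) is chosen by whoever controls the caller's DNS zone, so it has to be validated as hostname syntax and handed to the helper as a single argument without a shell. The function names `is_safe_hostname` and `run_helper` are hypothetical; the helper path `/etc/flash.mail` is the one in the quoted `process.c` fragment.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: accept only hostname syntax (letters, digits, '-', '.';
 * labels of 1..63 bytes that neither start nor end with '-'). */
int is_safe_hostname(const char *name)
{
    size_t i, len, label = 0;
    if (name == NULL || (len = strlen(name)) == 0 || len > 253)
        return 0;
    for (i = 0; i < len; i++) {
        char c = name[i];
        if (c == '.') {
            if (label == 0 || name[i - 1] == '-')
                return 0;              /* empty label, or label ending in '-' */
            label = 0;
        } else if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || c == '-') {
            if ((c == '-' && label == 0) || ++label > 63)
                return 0;              /* leading '-' or over-long label */
        } else {
            return 0;                  /* ';', '|', '`', '$', spaces, ... */
        }
    }
    return label > 0 && name[len - 1] != '-';
}

/* Hypothetical replacement for the sprintf()+system() pair: the host is passed
 * as one argv element and no shell parses it. Returns the helper's exit
 * status, or -1 if the name is rejected or the helper cannot be run. */
int run_helper(const char *helper, const char *host)
{
    int status;
    pid_t pid;
    if (!is_safe_hostname(host))
        return -1;                     /* rejected before any process starts */
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper, (char *)host, NULL };
        execv(helper, argv);
        _exit(127);                    /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

A caller would treat a rejected name the same way the fragment's `else` branch does, by falling back to "unknown".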


