Bugtraq mailing list archives

Re: rdist exploit [bsdi]

From: edmond () shaman lycaeum org (Andrew N. Edmond)
Date: Sat, 13 Jul 1996 01:20:35 -0600

Here is a quick bsd/os (should work in freebsd too, I believe) exploitation
script for the rdist buffer overflow vulnerbility.


    Confirmed for FreeBSD 2.1.0-RELEASE, 2.2-960501-SNAP and
2.2-960601-SNAP.  Haven't tried it with the 2.1.5 release stream yet.


Agreed, another confirmation that this exploit works on 2.1.0-RELEASE.  I
temporarily fixed the problem by doing (this may be overboard, but I am
getting paranoid with all these BSD holes lately!) the following:

chflags noschg /usr/bin/rdist    # must take off immutable flag!
chmod 000 /usr/bin/rdist         # wipe all functionality from this prog

Looking forward to a source patch, for sure!

Andy

.............................................................................
.  Andrew Edmond              .   Children of a future age,                 .
..  edmond () lycaeum org       ...   Reading this indignant page,            ..
...  University of Wyoming  .....   Know that in a former time,           ...
....  Botany Department    .......   A path to God was thought a crime.  ....
....................... the Lycaeum .........................................

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2

mQCNAzGauk0AAAEEANjORiZVrD98GS+vkJv+36CLC5Agifk8ra61i3i+Ms2115uK
9WoeUBA2J9QkjG+dM6tEOkPtrnZFkahFbOsDT0Rh46eBktdAp7IXY5M2zN4r1bWt
x6w4b//ffkfRbrTinovxXYLJa5oASudlQbNkVpqAOAH1fdTO3xFsi69/gtsxAAUR
tCJBbmRyZXcgRWRtb25kIDxlZG1vbmRAbHljYWV1bS5vcmc+tBBBbmRyZXcgTi4g
RWRtb25k
=l080
-----END PGP PUBLIC KEY BLOCK-----

Current thread:

[linux-security] [8lgm]-Advisory-26.UNIX.rdist.20-3-1996 Jeff Uphoff (Jul 04)
- Re: [linux-security] [8lgm]-Advisory-26.UNIX.rdist.20-3-1996 Michael Shields (Jul 05)
- CERT Advisory CA-96.13 - Vulnerability in the dip program CERT Advisory (Jul 09)
  - Re: CERT Advisory CA-96.13 - Vulnerability in the dip program Efrain Torres (Jul 09)
  - FIRST Conference & Workshop Plans Ron Freund (Jul 09)
  - rdist exploit [bsdi] Brian Mitchell (Jul 09)
    - Re: rdist exploit [bsdi] Brian Tao (Jul 11)
    - Re: rdist exploit [bsdi] Damien Sorder (Jul 11)
    - Re: rdist exploit [bsdi] jaeger (Jul 12)
    - Re: rdist exploit [bsdi] Andrew N. Edmond (Jul 13)
    - Re: rdist exploit [bsdi] Andy Dills (Jul 13)
    - Re: rdist exploit [bsdi] Brian Tao (Jul 14)
    - at the risk of another flamefest.. *Hobbit* (Jul 14)
    - Re: at the risk of another flamefest.. David Stagner (Jul 15)
    - Re: at the risk of another flamefest.. Alan L. Wendt (Jul 15)
    - hpux 10.0 remote administration Matthew G. Harrigan (Jul 15)
    - Re: rdist exploit [bsdi] System Manager (Jul 13)
    - Re: rdist exploit [bsdi] Tom Bowman (Jul 12)
    - Re: rdist exploit [bsdi] Brian Tao (Jul 12)
    - Re: rdist exploit [bsdi] Cosimo Leipold (Jul 13)

(Thread continues...)