Bugtraq mailing list archives

Re: rdist exploit [bsdi]


From: caseq () sharks kylmedia fi (Andrew Kosyakov)
Date: Sun, 14 Jul 1996 13:41:44 +0300


  Hi!

Quoting Andrew N. Edmond:

chflags noschg /usr/bin/rdist    # must take off immutable flag!
chmod 000 /usr/bin/rdist         # wipe all functionality from this prog

Looking forward to a source patch, for sure!
I fixed it this way. At least it fixes the hole that is exploited in
Brian Mitchell's script, but I'm unsure about others -- I'm getting paranoid,
too:-)

--- lookup.c.old        Fri May 27 16:32:33 1994
+++ lookup.c    Fri Jul 12 14:06:13 1996
@@ -126,11 +126,12 @@
        register unsigned n;
        register char *cp;
        register struct syment *s;
-       char buf[256];
+       char *buf=alloca(strlen(name)+50);

        if (debug)
                printf("lookup(%s, %d, %x)\n", name, action, value);

+        if (buf==NULL) fatal("ran out of memory");
        n = 0;
        for (cp = name; *cp; )
                n += *cp++;

--
Sincerely yours
                                                        /&rew

***
Andrew V. Kosyakov, Chance Publishing House, System Administrator
caseq () chance ru, 2:5030/31 () Fidonet Org, +7(812)210-8046
PGP key fingerprint: BA A8 48 20 E4 AE 9C 52  C5 5F C3 B8 1E 67 2C BF


