Bugtraq mailing list archives
Y2K bug in Shadow IDS
From: ah () SECURITYFOCUS COM (Alfred Huger)
Date: Sun, 2 Jan 2000 13:00:52 -0800
As taken from the Incidents mailing list at SecurityFocus.com:

To: Incidents
Subject: Y2K bug in Shadow IDS
Date: Sun Jan 02 2000 05:57:58
Author: Patrick Oonk
Message-ID: <20000102135758.C11780 () pine nl>

Hi,

The shadow IDS contains a programming mistake that breaks many scripts in the suite. The author assumed at some point that the output of the year value in Perl's date functions is a 2 digit number which it isn't. In 2000 the value of $year is '100'.

I made a small fix which still is not pretty, but going to a 4 digit year would break many other things in the scripts, and this fix will work for the next 99 years anyway :)

I changed the top of 'sensor/variables.ph' into

    # We need various timestamps all over the place
    @T = localtime;
    if ($T[5] > 99) {
        $T[5] -= 100;
    }

By the way, the Shadow perl scripts also use /tmp a lot with predictable file names, so local exploits are possible, but this is more of a Bugtraq issue I guess.

p.

--
Patrick Oonk - PO1-6BONE - patrick () pine nl - www.pine.nl/~patrick
Pine Internet B.V. GOAT666-RIPE PGP key ID BE7497F1
Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/
--
Pine Security Digest - http://security.pine.nl/ (Dutch)
----
Excuse of the day: Your excuse is: it has Intel Inside
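
The year handling and the /tmp remark in the message above, as an added Perl example that is not part of the original post or of the SHADOW code. It compares the broken two-digit assumption, the posted fix, and century-safe alternatives, then creates a scratch file without a predictable name. The `tm_year` values and the temp-file template are constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration; not code from the SHADOW distribution or the post.
use strict;
use warnings;
use File::Temp qw(tempfile);

# Element 5 of localtime()/gmtime() is "years since 1900", so it reads
# 99 in 1999, 100 in 2000 and 200 in 2100. It was never a 2-digit year.
sub yy_naive   { return sprintf '%02d', $_[0] }        # the broken assumption
sub yy_patched {                                       # the fix from the post
    my ($y) = @_;
    $y -= 100 if $y > 99;
    return sprintf '%02d', $y;
}
sub yy_modulo  { return sprintf '%02d', $_[0] % 100 }  # 2 digits in any century
sub yyyy       { return $_[0] + 1900 }                 # unambiguous 4-digit year

# Constructed tm_year values for 1999, 2000, 2099 and 2100.
for my $tm_year (99, 100, 199, 200) {
    printf "tm_year=%3d  naive=%-3s  patched=%-3s  modulo=%s  full=%d\n",
        $tm_year, yy_naive($tm_year), yy_patched($tm_year),
        yy_modulo($tm_year), yyyy($tm_year);
}

# Scratch files: instead of a predictable name under /tmp, let File::Temp
# choose a random suffix and create the file exclusively (O_CREAT|O_EXCL,
# mode 0600), so a pre-planted file or symlink is never opened.
# The template name is a constructed placeholder.
my ($fh, $path) = tempfile('ids-scratch-XXXXXXXX', TMPDIR => 1, UNLINK => 1);
print {$fh} "scratch data\n";
close $fh or die "close $path: $!";
printf "scratch file %s mode %04o\n", $path, (stat $path)[2] & 07777;
```

The `patched` column goes back to three digits at `tm_year` 200, which matches the post's remark that the fix holds for the next 99 years.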