Re: SRT2003-TURKEY-DAY - *novelty* - detecttr.c Trace Route detection vulnerability

[KF <dotslash () snosoft com>]

Thats odd...so why exactly did you register for access to our archives.
heh.

also what part of *novelty* did you not understand?

have a good turkey day folks.
-KF

Tobias Klein wrote:
> *gobble* *gobble*. <- LoL ?
>
> show me anyone who care about your stupid findings in useless software
> which nobody use and founded with simple perl -e techniks or sourcecode 
> scanning
> nobody carez about your tousend local non root holes or a new flaw in 
> ike-scan ........
> stop relasing shit fame seeking whores
> all what you care about is money and your name on bugtraq
> stop releasing shit
> go out and do something usefull with you life
>
> newroot
>
>
> At 21:44 26.11.2003 -0500, KF wrote:
>
> > *gobble* *gobble*.
> >
> > -KF
> >
> >
> > Secure Network Operations, Inc.             
> > http://www.secnetops.com/research
> > Strategic Reconnaissance Team               research () secnetops com
> > Team Lead Contact                           kf () secnetops com
> >
> >
> > Our Mission:
> > ************************************************************************
> > Secure Network Operations offers expertise in Networking, Intrusion
> > Detection Systems (IDS), Software Security Validation, and
> > Corporate/Private Network Security. Our mission is to facilitate a
> > secure and reliable Internet and inter-enterprise communications
> > infrastructure through the products and services we offer.
> >
> > To learn more about our company, products and services or to request a
> > demo of ANVIL FCS please visit our site at http://www.secnetops.com, or
> > call us at: 978-263-3829
> >
> >
> > Quick Summary:
> > ************************************************************************
> > Advisory Number         : SRT2003-TURKEY-DAY *Gobble* *Gobble*
> > Product                 : detecttr.c
> > Version                 : modified on 11.07.97
> > Vendor                  : baldor - http://phrack.org/show.php?p=51&a=3
> > Class                   : Remote
> > Criticality             : Low
> > Operating System(s)     : Linux, FreeBSD, and other POSIX-systems
> >
> >
> > Notice
> > ************************************************************************
> > The full technical details of this vulnerability can be found at:
> > http://www.secnetops.com/research/advisories/SRT2003-TURKEY-DAY.txt
> >
> >
> > Basic Explanation
> > ************************************************************************
> > High Level Description  : detecttr has format strings issues.
> > What to do              : properly format the syslog call and recompile.
> >
> >
> > Basic Technical Details
> > ************************************************************************
> > Proof Of Concept Status : SNO has proof of concept.
> >
> > Low Level Description   : Phrack Magazine Volume 7, Issue 51 which was
> > released on September 01, 1997 contained an article titled "Tools for
> > (paranoid ?) linux users" by an author known as baldor. This article was
> > featured as part of the "Line Noise" located in section 0x04 from article
> > 03 of 17. In this article the author introduces a program for detecting
> > traceroute activity. You can find this program in a variety of places
> > including security archives, unix tool libraries, and search engines.
> >
> > The program in question is detecttr.c and it contains a remotely
> > exploitable format strings issue. I have not yet decided if this was a
> > deliberately placed backdoor or if it was a simple coding mistake.
> >
> > Either way...line 140 of detecttr.c is the problem child which leads to
> > potential exploitation. DNS libraries during the time the article was
> > written may have been ripe for easy exploitation of this issue. Passing
> > a hostname directly to syslog() without a format specifier is a bad idea
> > in most cases.
> >
> > Work Around             : Apply the below code change.
> >
> > change               syslog(LOG_NOTICE , buf);
> > to                   syslog(LOG_NOTICE , "%s" , buf);
> >
> > Bugtraq URL             : To be assigned.
> > Disclaimer
> > ----------------------------------------------------------------------
> > This advisory was released by Secure Network Operations,Inc. as a matter
> > of notification to help administrators protect their networks against
> > the described vulnerability. Exploit source code is no longer released
> > in our advisories but can be obtained under contract.. Contact our sales
> > department at sales () secnetops com for further information on how to
> > obtain proof of concept code.
> >
> > ----------------------------------------------------------------------
> > Secure Network Operations, Inc. || http://www.secnetops.com
> > "Embracing the future of technology, protecting you."


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html