Vulnerability Development mailing list archives
2 dodgy network programs
From: ant () NOTATLA DEMON CO UK (Antonomasia)
Date: Sat, 9 Oct 1999 11:22:02 +0100
I was just visiting http://www.echelon.wiretapped.net and downloaded a small file called "tcplog.c" with no author or version stated. It is for logging connections to your box (Linux only). There are some minor coding gripes I could make, but line 107 takes a risk with the size of a hostname:

     98 char *hostlookup(unsigned long int in)
     99 {
    100     static char blah[1024];
    101     struct in_addr i;
    102     struct hostent *he;
    103
    104     i.s_addr=in;
    105     he=gethostbyaddr((char *)&i, sizeof(struct in_addr),AF_INET);
    106     if(he == NULL) strcpy(blah, inet_ntoa(i));
    107     else strcpy(blah, he->h_name);
    108     return blah;
    109 }

Also I want to mention DeleGate-5.9.3 (at www.echelon.wiretapped.net and elsewhere, in versions for Linux, AIX etc). Luc Stepniewski <lstep () mail dotcom fr> drew attention to this in April 1999 for having very many string operations without bounds checking. Although I made it dump core

    #0  0x40058cf3 in ?? () from /lib/libc.so.6
    (gdb) bt
    #0  0x40058cf3 in ?? () from /lib/libc.so.6
    #1  0x8103b80 in RES_matchLine (what=0x41414141 <Address 0x41414141 out of bounds>,
        byname=1094795585, name=0x41414141 <Address 0x41414141 out of bounds>,
        line=0x41414141 <Address 0x41414141 out of bounds>, rv=0x41414141,
        rb=0x41414141 <Address 0x41414141 out of bounds>,
        cname=0x41414141 <Address 0x41414141 out of bounds>) at reshost.c:461
    #2  0x41414141 in ?? ()
    Cannot access memory at address 0x41414141.

when I came to convert this into an exploit I could not reproduce it. I told Luc around April I was going to make a demo exploit but have never found the time. Will someone else take it on? DeleGate has pretensions to being a security product and ought to set an example or be made one. Luc and I both contacted the author in/before April.

--
##############################################################
# Antonomasia   ant () notatla demon co uk                   #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
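The problem with line 107 is that `he->h_name` comes from whatever the reverse DNS for the connecting address says, so a PTR record longer than 1023 bytes runs `strcpy` straight past the static buffer. What follows is an added example, written for this archive page and not code from tcplog.c or its author, of the same lookup with a bounded copy. The names `copy_bounded`, `safe_hostlookup` and `demo_checks` are chosen here, the `struct hostent` is constructed inline (no DNS is consulted) so the overlong-name case can be exercised offline, and the hostent is passed in rather than looked up so the caller, not the function, decides when to call `gethostbyaddr()`.

```c
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define HOSTBUF 1024   /* same size as the static buffer in tcplog.c */

/* Copy src into dst (capacity dstsz), always NUL-terminating.
 * Returns 1 if src had to be truncated to fit, 0 otherwise. */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    int truncated = n >= dstsz;
    size_t m = truncated ? dstsz - 1 : n;
    memcpy(dst, src, m);
    dst[m] = '\0';
    return truncated;
}

/* Same decision as the original hostlookup(): use the resolved name if the
 * lookup succeeded, otherwise the dotted quad.  Differences: the hostent is
 * passed in (caller runs gethostbyaddr() itself, and the function can be
 * tested without DNS), the caller owns the output buffer instead of sharing
 * a static one, and the copy is bounded.  Returns 1 if the name was cut. */
int safe_hostlookup(const struct hostent *he, unsigned long in,
                    char *out, size_t outsz)
{
    struct in_addr i;
    i.s_addr = (in_addr_t)in;
    const char *name = (he != NULL && he->h_name != NULL) ? he->h_name
                                                          : inet_ntoa(i);
    return copy_bounded(out, outsz, name);
}

/* Constructed test data (assumption, not real DNS): a hostent whose h_name
 * is 1500 'A's, well past the 1024-byte buffer.  Returns how many of the
 * three checks passed. */
int demo_checks(void)
{
    static char longname[1501];
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    struct in_addr addr;
    addr.s_addr = htonl(0x7f000001UL);            /* 127.0.0.1 */
    char *aliases[] = { NULL };
    char *addrs[] = { (char *)&addr, NULL };
    struct hostent he = {
        .h_name = longname,
        .h_aliases = aliases,
        .h_addrtype = AF_INET,
        .h_length = sizeof addr,
        .h_addr_list = addrs,
    };

    char out[HOSTBUF];
    int passed = 0;

    /* 1. Overlong name is cut to fit instead of spilling past the buffer. */
    if (safe_hostlookup(&he, addr.s_addr, out, sizeof out) == 1
        && strlen(out) == HOSTBUF - 1)
        passed++;
    /* 2. A short name is copied intact and reported as not truncated. */
    he.h_name = "host.example";
    if (safe_hostlookup(&he, addr.s_addr, out, sizeof out) == 0
        && strcmp(out, "host.example") == 0)
        passed++;
    /* 3. No hostent at all falls back to the dotted quad. */
    if (safe_hostlookup(NULL, addr.s_addr, out, sizeof out) == 0
        && strcmp(out, "127.0.0.1") == 0)
        passed++;
    return passed;
}

int main(void)
{
    int ok = demo_checks();
    printf("%d of 3 checks passed\n", ok);
    return ok == 3 ? 0 : 1;
}
```

In the real program the caller would do `he = gethostbyaddr(...)` and hand the result to `safe_hostlookup`; the return value lets a logger note that a name was cut rather than silently logging a truncated string. On systems that have it, `strlcpy` does the same job as `copy_bounded`, and `snprintf(out, outsz, "%s", name)` is the portable alternative.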
Current thread:
- Newbie in Jeopardy, (continued)
- Newbie in Jeopardy Me Uh, K. (Oct 06)
- Re: Newbie in Jeopardy Nimrod Vered (Oct 09)
- Re: Guestbook perl script (error fix) Erik Parker (Oct 08)
- SSH and X11 forwarding Rob Quinn (Oct 08)
- fbsd 3.3 ospf_monitor research Brock Tellier (Oct 08)
- Re: fbsd 3.3 ospf_monitor research Jeff Bachtel (Oct 10)
- Re: fbsd 3.3 ospf_monitor research Andrew Reiter (Oct 11)
- restoretextmode problems robert (Oct 11)
- Newbie in Jeopardy Me Uh, K. (Oct 06)
- NT SysKey should be breakable Mikael Olsson (Oct 08)
- Re: NT SysKey should be breakable Mikael Olsson (Oct 09)
- 2 dodgy network programs Antonomasia (Oct 09)
- Re: 2 dodgy network programs Nick 'Zaf' Clifford (Oct 09)
- Re: 2 dodgy network programs David R. Conrad (Oct 13)
- Classes? Devin Walters (Oct 16)
- Re: Classes? Blue Boar (Oct 16)
- Re: Classes? Dragos Ruiu (Oct 16)
- Re: Classes? Bacano (Oct 17)
- Re: Classes? Max Vision (Oct 18)
- Re: Classes? David R. Conrad (Oct 17)
- Re: Classes? Crispin Cowan (Oct 18)
- Re: Classes? George Kurtz (Oct 20)