lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040908045054.1530.qmail@www.securityfocus.com>
Date: 8 Sep 2004 04:50:54 -0000
From: "Jérôme" ATHIAS <jerome.athias@...amail.com>
To: bugtraq@...urityfocus.com
Subject: Insecure Temporary File Creation Vulnerability in Net-Acct




Net-Acct is a user-space daemon which generates log files of network traffic for accounting purposes. Initially created by Ulrich Callmeier, it is now worked upon occasionally by a team of volunteers on the list net-acct*CoLi.Uni-SB.DE, questions are best asked there or net-acct*exorsus.net. 

Stefan Nordhausen has identified a local security hole in net-acct (all versions). It appears to be some redundant code from some time way back in the past although I'm not entirely sure. I have removed the code, since it doesn't actually appear to do anything other than create and delete a file that is referenced nowhere else. Use the patch at your own risk, until I've had some feedback telling me it works. 

net-acct-notempfiles.patch : http://exorsus.net/projects/net-acct/net-acct-notempfiles.patch

For much of the functionality provided by net-acct, an alternative, http://savannah.nongnu.org/projects/ulog-acctd, exists which is considerably better at catching all the relevant packets. For the majority of problems it should be considered the preferable solution to net-acct (assuming you're on a linux 2.4 kernel of course :) 

http://netacct-mysql.sourceforge.net/ is a fairly new project which is creating a completely mysql-customised version of net-acct. There's obviously a popular niche here since there seem to be a fair number of people contributing. Users looking to put their data straight into MySQL may well be served by taking a look. 

Thomas Prokosch kindly donated another log summary script which can be found at http://www.nadev.net/thomas/projects/nacctstats/ 

Marc Haber has made available a patch for a locking problem within net-acct. If you are suffering from rare situations in which net-acct seems to spin out and grab all available cpu, this may well help. 

lockpatch.txt : http://exorsus.net/projects/net-acct/lockpatch.txt

0.71 is now the latest version, changes: A patch for a small bug in the Localtime handling for those using the HUMAN_READBLE define. 

We have a debian package available, thanks to Bernd Eckenfels , package page is at http://packages.debian.org/unstable/net/net-acct.html. 

Known bugs 

- Name based framing detection. Now, to be honest, I don't have a great idea of what exatly "framing" is, in this context, but if you know, tell me, or I'll end up figuring it out for myself when the bug list begins to annoy me :) 

- Reverse masq tracking (includes patch) hopefully will go into the next version, or something :) 

PLEASE NOTE The README file in the archive is out of date in some aspects, it is included for completeness however contact names, mailing list signups etc are incorrect. 

 
http://exorsus.net/projects/net-acct/ 




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ