Message-ID: <3FC61757.6020602@snosoft.com>
From: dotslash at snosoft.com (KF)
Subject: SRT2003-TURKEY-DAY - *novelty* - detecttr.c Trace Route detection vulnerability

That's odd... so why exactly did you register for access to our archives?
heh.
also what part of *novelty* did you not understand?
have a good turkey day folks.
-KF
Tobias Klein wrote:
> *gobble* *gobble*. <- LoL ?
>
> show me anyone who cares about your stupid findings in useless software
> which nobody uses and found with simple perl -e techniques or sourcecode
> scanning
> nobody cares about your thousand local non root holes or a new flaw in
> ike-scan ........
> stop releasing shit fame seeking whores
> all you care about is money and your name on bugtraq
> stop releasing shit
> go out and do something useful with your life
>
> newroot
>
>
> At 21:44 26.11.2003 -0500, KF wrote:
>
>> *gobble* *gobble*.
>>
>> -KF
>>
>>
>> Secure Network Operations, Inc.
>> http://www.secnetops.com/research
>> Strategic Reconnaissance Team research@...netops.com
>> Team Lead Contact kf@...netops.com
>>
>>
>> Our Mission:
>> ************************************************************************
>> Secure Network Operations offers expertise in Networking, Intrusion
>> Detection Systems (IDS), Software Security Validation, and
>> Corporate/Private Network Security. Our mission is to facilitate a
>> secure and reliable Internet and inter-enterprise communications
>> infrastructure through the products and services we offer.
>>
>> To learn more about our company, products and services or to request a
>> demo of ANVIL FCS please visit our site at http://www.secnetops.com, or
>> call us at: 978-263-3829
>>
>>
>> Quick Summary:
>> ************************************************************************
>> Advisory Number : SRT2003-TURKEY-DAY *Gobble* *Gobble*
>> Product : detecttr.c
>> Version : modified on 11.07.97
>> Vendor : baldor - http://phrack.org/show.php?p=51&a=3
>> Class : Remote
>> Criticality : Low
>> Operating System(s) : Linux, FreeBSD, and other POSIX-systems
>>
>>
>> Notice
>> ************************************************************************
>> The full technical details of this vulnerability can be found at:
>> http://www.secnetops.com/research/advisories/SRT2003-TURKEY-DAY.txt
>>
>>
>> Basic Explanation
>> ************************************************************************
>> High Level Description : detecttr has format strings issues.
>> What to do : properly format the syslog call and recompile.
>>
>>
>> Basic Technical Details
>> ************************************************************************
>> Proof Of Concept Status : SNO has proof of concept.
>>
>> Low Level Description : Phrack Magazine Volume 7, Issue 51 which was
>> released on September 01, 1997 contained an article titled "Tools for
>> (paranoid ?) linux users" by an author known as baldor. This article was
>> featured as part of the "Line Noise" located in section 0x04 from article
>> 03 of 17. In this article the author introduces a program for detecting
>> traceroute activity. You can find this program in a variety of places
>> including security archives, unix tool libraries, and search engines.
>>
>> The program in question is detecttr.c and it contains a remotely
>> exploitable format strings issue. I have not yet decided if this was a
>> deliberately placed backdoor or if it was a simple coding mistake.
>>
>> Either way...line 140 of detecttr.c is the problem child which leads to
>> potential exploitation. DNS libraries during the time the article was
>> written may have been ripe for easy exploitation of this issue. Passing
>> a hostname directly to syslog() without a format specifier is a bad idea
>> in most cases.
>>
>> Work Around : Apply the below code change.
>>
>> change syslog(LOG_NOTICE , buf);
>> to syslog(LOG_NOTICE , "%s" , buf);
>>
>> Bugtraq URL : To be assigned.
>>
>> Disclaimer
>> ----------------------------------------------------------------------
>> This advisory was released by Secure Network Operations, Inc. as a matter
>> of notification to help administrators protect their networks against
>> the described vulnerability. Exploit source code is no longer released
>> in our advisories but can be obtained under contract. Contact our sales
>> department at sales@...netops.com for further information on how to
>> obtain proof of concept code.
>>
>> ----------------------------------------------------------------------
>> Secure Network Operations, Inc. || http://www.secnetops.com
>> "Embracing the future of technology, protecting you."
>>
>>
>>
>
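
The workaround quoted in the advisory above, shown as an added example that is not part of the original thread or of detecttr.c: the log line is built and logged with constant format strings, and the untrusted reverse-DNS name is also filtered to the hostname alphabet, which goes one step beyond the advisory's one-line fix. The function names, the message text and the sample hostname are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Copy an untrusted reverse-DNS name, replacing every byte outside the
 * hostname alphabet (letters, digits, '.', '-') with '?'.
 * Returns the number of bytes replaced. */
size_t sanitize_host(const char *in, char *out, size_t outlen)
{
    size_t i = 0, replaced = 0;
    if (outlen == 0)
        return 0;
    for (; in[i] != '\0' && i + 1 < outlen; i++) {
        unsigned char c = (unsigned char)in[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '-';
        out[i] = ok ? (char)c : '?';
        if (!ok)
            replaced++;
    }
    out[i] = '\0';
    return replaced;
}

/* Build the log line with a constant format string, so host is only data.
 * Returns 0 on success, -1 if the line would be truncated. */
int build_notice(char *line, size_t n, const char *host)
{
    int len = snprintf(line, n, "traceroute from %s", host);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Hardened stand-in for the advisory's syslog(LOG_NOTICE, buf) call.
 * Returns how many suspicious bytes were replaced in the hostname. */
size_t log_traceroute(const char *untrusted_host)
{
    char host[256], line[300];
    size_t bad = sanitize_host(untrusted_host, host, sizeof host);
    if (build_notice(line, sizeof line, host) == 0)
        syslog(LOG_NOTICE, "%s", line);   /* the fix from the advisory */
    return bad;
}

int main(void)
{
    /* Constructed PTR-style name carrying format directives. */
    return log_traceroute("host%x%x.example.net") == 2 ? 0 : 1;
}
```

A non-zero return from `log_traceroute` is itself worth alerting on, since a legitimate PTR record for a host should not contain `%` or other bytes outside the hostname alphabet.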