From: dotslash at snosoft.com (KF)
Subject: SRT2003-TURKEY-DAY - *novelty* -  detecttr.c
 Trace Route detection vulnerability

That's odd... so why exactly did you register for access to our archives?
heh.

Also, what part of *novelty* did you not understand?

have a good turkey day folks.
-KF

Tobias Klein wrote:
> *gobble* *gobble*. <- LoL ?
> 
> show me anyone who cares about your stupid findings in useless software
> which nobody uses and found with simple perl -e techniques or source code 
> scanning
> nobody cares about your thousand local non-root holes or a new flaw in 
> ike-scan ........
> stop releasing shit, fame-seeking whores
> all that you care about is money and your name on bugtraq
> stop releasing shit
> go out and do something useful with your life
> 
> newroot
> 
> 
> At 21:44 26.11.2003 -0500, KF wrote:
> 
>> *gobble* *gobble*.
>>
>> -KF
>>
>>
>> Secure Network Operations, Inc.             
>> http://www.secnetops.com/research
>> Strategic Reconnaissance Team               research@...netops.com
>> Team Lead Contact                           kf@...netops.com
>>
>>
>> Our Mission:
>> ************************************************************************
>> Secure Network Operations offers expertise in Networking, Intrusion
>> Detection Systems (IDS), Software Security Validation, and
>> Corporate/Private Network Security. Our mission is to facilitate a
>> secure and reliable Internet and inter-enterprise communications
>> infrastructure through the products and services we offer.
>>
>> To learn more about our company, products and services or to request a
>> demo of ANVIL FCS please visit our site at http://www.secnetops.com, or
>> call us at: 978-263-3829
>>
>>
>> Quick Summary:
>> ************************************************************************
>> Advisory Number         : SRT2003-TURKEY-DAY *Gobble* *Gobble*
>> Product                 : detecttr.c
>> Version                 : modified on 11.07.97
>> Vendor                  : baldor - http://phrack.org/show.php?p=51&a=3
>> Class                   : Remote
>> Criticality             : Low
>> Operating System(s)     : Linux, FreeBSD, and other POSIX-systems
>>
>>
>> Notice
>> ************************************************************************
>> The full technical details of this vulnerability can be found at:
>> http://www.secnetops.com/research/advisories/SRT2003-TURKEY-DAY.txt
>>
>>
>> Basic Explanation
>> ************************************************************************
>> High Level Description  : detecttr has format strings issues.
>> What to do              : properly format the syslog call and recompile.
>>
>>
>> Basic Technical Details
>> ************************************************************************
>> Proof Of Concept Status : SNO has proof of concept.
>>
>> Low Level Description   : Phrack Magazine Volume 7, Issue 51 which was
>> released on September 01, 1997 contained an article titled "Tools for
>> (paranoid ?) linux users" by an author known as baldor. This article was
>> featured as part of the "Line Noise" located in section 0x04 from article
>> 03 of 17. In this article the author introduces a program for detecting
>> traceroute activity. You can find this program in a variety of places
>> including security archives, unix tool libraries, and search engines.
>>
>> The program in question is detecttr.c and it contains a remotely
>> exploitable format strings issue. I have not yet decided if this was a
>> deliberately placed backdoor or if it was a simple coding mistake.
>>
>> Either way...line 140 of detecttr.c is the problem child which leads to
>> potential exploitation. DNS libraries during the time the article was
>> written may have been ripe for easy exploitation of this issue. Passing
>> a hostname directly to syslog() without a format specifier is a bad idea
>> in most cases.
>>
>> Work Around             : Apply the below code change.
>>
>> change               syslog(LOG_NOTICE , buf);
>> to                   syslog(LOG_NOTICE , "%s" , buf);
>>
>> Bugtraq URL             : To be assigned.
>> Disclaimer
>> ----------------------------------------------------------------------
>> This advisory was released by Secure Network Operations, Inc. as a matter
>> of notification to help administrators protect their networks against
>> the described vulnerability. Exploit source code is no longer released
>> in our advisories but can be obtained under contract. Contact our sales
>> department at sales@...netops.com for further information on how to
>> obtain proof of concept code.
>>
>> ----------------------------------------------------------------------
>> Secure Network Operations, Inc. || http://www.secnetops.com
>> "Embracing the future of technology, protecting you."
>>
>>
>>
> 
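
The one-line workaround quoted in the advisory above, shown as an added example that is not part of the original thread and not code from detecttr.c: a buffer-capturing stand-in for syslog() shows that the old call shape interprets the logged text as a format while the fixed shape logs it verbatim, and the hostname is validated before it is logged. The helper names, the message text and the sample hostname are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical stand-in for syslog(): printf-style, but writes to a buffer. */
static int capture_log(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* 1 if s is 1..253 bytes of letters, digits, '-' or '.', else 0. */
static int hostname_is_plain(const char *s)
{
    size_t len = strlen(s);
    if (len == 0 || len > 253)
        return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '-' && *s != '.')
            return 0;
    return 1;
}

/* Hardened path: the message is only ever data for a constant "%s" format,
 * and a name that fails validation never reaches the log. Returns 1 if the
 * name was logged as given. The message text is an assumption. */
static int log_traceroute_source(const char *resolved_name)
{
    int ok = hostname_is_plain(resolved_name);
    char buf[300];
    snprintf(buf, sizeof buf, "traceroute from %s",
             ok ? resolved_name : "(invalid hostname)");
    syslog(LOG_NOTICE, "%s", buf);   /* call shape from the advisory's fix */
    return ok;
}

/* Constructed sample: "%%" is a harmless directive that prints one '%'. */
static const char SAMPLE_NAME[] = "host%%name.example";

int main(void)
{
    char as_format[64], as_data[64];
    capture_log(as_format, sizeof as_format, SAMPLE_NAME);   /* old call shape */
    capture_log(as_data, sizeof as_data, "%s", SAMPLE_NAME); /* fixed call shape */
    printf("%s\n%s\n%d\n", as_format, as_data, log_traceroute_source(SAMPLE_NAME));
}
```

Compiling the original source with `-Wformat -Wformat-security` makes GCC report calls of the `syslog(LOG_NOTICE, buf)` shape.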


