***** This writing is part of Malloc() Hackers & Malloc
() Security *****
http://www.mallochackers.com
http://www.superw00t.com
**********************************************************
**************
Title: Multiple Vendor "talkd" user validation fault.
~~~~~
Author: Teknophreak of Malloc()
~~~~~~
Contact: "Teknophreak" - ([EMAIL PROTECTED])
~~~~~~~
No modification of the contents of this file should be
made
without direct consent of the author or of Malloc()
hackers or
Malloc() Security.
**********************************************************
**************
"talk" is a program available on multiple *nix OSes
which allows
users to communicate within a system and/or
remotely.
Their exist a flaw within the "talkd" which allows
anyone masquerade
as anyone else either remotely or within the confines
of the system.
This is due to the lack of user validation by the "talkd"
for incoming
"talk" requests. This may be a catalyist for social
engineering which can
lead to the revealing of private or sensitive information
from other users.
Identification of User Masquerading
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If someone is initiating a talk request with "talksp00f"
from the
user "root" for example. You should check to see if
the root user
is actually logged in. And if he is not you can monitor
the system
processes and figure out who is initiating the bogus
talk request.
Also, if the user that is supposedly initiating the talk
request
to you *is* logged in. Check that users processes to
see if he is
actually initiating the talk request to you.
Exploitation
~~~~~~~~~~~~
"Talksp00f" written by: Teknophreak of Malloc()
Download:
http://www.superw00t.com/projects/talkspoof.tar.gz