Hulio Menendez IV wrote:
Hello Debain Security,I have search these lines in tcp-wrapper's source but I don't find them.
My name is Hulio Ramirez Chi Menendez IV. You are running Debian 3.0r2.
My Debian use the tcp wrapp for security which is written by porcupine.org. My Debian is exploit by cracker use a bug in the tcp wrapp package version 7.6 in Debian distribute tcpd-7.6-9. The tcp wrapp package has bug in source which exploited by internet cracker everytime. This is bug exploited on the irc servers also the chat servers.
...
} else if (STR_NE(host->name, hp->h_name)
&& STR_NE(host->name, "localhost")) {
STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), strlen(inet_ntoa(sin->sin_addr)));
^^^^^ BUGBUG!!!!
...
Could you give to the list the name of the file and the number of the line please ?
Please is Debain packages being update to newest wrappers? What is this security software not written in safe strings library like DJB Qmail or daemontools?? This is cause of most of security problem in the C.
My english is not so good sorry.
Hulio Menendez IV -- Sometimes you hurt me
Cedric Devillers
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
