Hello,
Hulio Menendez IV wrote:
Hello Debain Security,
My name is Hulio Ramirez Chi Menendez IV. You are running Debian 3.0r2.
My Debian use the tcp wrapp for security which is written by porcupine.org. My
Debian is exploit by cracker use a bug in the tcp wrapp package version 7.6 in
Debian distribute tcpd-7.6-9. The tcp wrapp package has bug in source which
exploited by internet cracker everytime. This is bug exploited on the irc
servers also the chat servers.
...
} else if (STR_NE(host->name, hp->h_name)
&& STR_NE(host->name, "localhost")) {
STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), strlen(inet_ntoa(sin->sin_addr)));
^^^^^ BUGBUG!!!!
...
I have search these lines in tcp-wrapper's source but I don't find them.
Could you give to the list the name of the file and the number of the
line please ?
Please is Debain packages being update to newest wrappers? What is this
security software not written in safe strings library like DJB Qmail or
daemontools?? This is cause of most of security problem in the C.
My english is not so good sorry.
Hulio Menendez IV
--
Sometimes you hurt me
Cedric Devillers
