Thats odd...so why exactly did you register for access to our archives. heh.
also what part of *novelty* did you not understand?
have a good turkey day folks. -KF
Tobias Klein wrote:
*gobble* *gobble*. <- LoL ?
show me anyone who care about your stupid findings in useless software
which nobody use and founded with simple perl -e techniks or sourcecode scanning
nobody carez about your tousend local non root holes or a new flaw in ike-scan ........
stop relasing shit fame seeking whores
all what you care about is money and your name on bugtraq
stop releasing shit
go out and do something usefull with you life
newroot
At 21:44 26.11.2003 -0500, KF wrote:
*gobble* *gobble*.
-KF
Secure Network Operations, Inc. http://www.secnetops.com/research
Strategic Reconnaissance Team [EMAIL PROTECTED]
Team Lead Contact [EMAIL PROTECTED]
Our Mission: ************************************************************************ Secure Network Operations offers expertise in Networking, Intrusion Detection Systems (IDS), Software Security Validation, and Corporate/Private Network Security. Our mission is to facilitate a secure and reliable Internet and inter-enterprise communications infrastructure through the products and services we offer.
To learn more about our company, products and services or to request a demo of ANVIL FCS please visit our site at http://www.secnetops.com, or call us at: 978-263-3829
Quick Summary: ************************************************************************ Advisory Number : SRT2003-TURKEY-DAY *Gobble* *Gobble* Product : detecttr.c Version : modified on 11.07.97 Vendor : baldor - http://phrack.org/show.php?p=51&a=3 Class : Remote Criticality : Low Operating System(s) : Linux, FreeBSD, and other POSIX-systems
Notice ************************************************************************ The full technical details of this vulnerability can be found at: http://www.secnetops.com/research/advisories/SRT2003-TURKEY-DAY.txt
Basic Explanation ************************************************************************ High Level Description : detecttr has format strings issues. What to do : properly format the syslog call and recompile.
Basic Technical Details ************************************************************************ Proof Of Concept Status : SNO has proof of concept.
Low Level Description : Phrack Magazine Volume 7, Issue 51 which was released on September 01, 1997 contained an article titled "Tools for (paranoid ?) linux users" by an author known as baldor. This article was featured as part of the "Line Noise" located in section 0x04 from article 03 of 17. In this article the author introduces a program for detecting traceroute activity. You can find this program in a variety of places including security archives, unix tool libraries, and search engines.
The program in question is detecttr.c and it contains a remotely exploitable format strings issue. I have not yet decided if this was a deliberately placed backdoor or if it was a simple coding mistake.
Either way...line 140 of detecttr.c is the problem child which leads to potential exploitation. DNS libraries during the time the article was written may have been ripe for easy exploitation of this issue. Passing a hostname directly to syslog() without a format specifier is a bad idea in most cases.
Work Around : Apply the below code change.
change syslog(LOG_NOTICE , buf); to syslog(LOG_NOTICE , "%s" , buf);
Bugtraq URL : To be assigned. Disclaimer ---------------------------------------------------------------------- This advisory was released by Secure Network Operations,Inc. as a matter of notification to help administrators protect their networks against the described vulnerability. Exploit source code is no longer released in our advisories but can be obtained under contract.. Contact our sales department at [EMAIL PROTECTED] for further information on how to obtain proof of concept code.
---------------------------------------------------------------------- Secure Network Operations, Inc. || http://www.secnetops.com "Embracing the future of technology, protecting you."
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
