The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Buffer overrun in Redhat 5.0


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
X-RDate: Thu, 18 Dec 1997 09:55:22 +0500 (ESK)
Date: Mon, 15 Dec 1997 17:56:56 -0700
From: Wilton Wong - ListMail <[email protected]>
To: [email protected]
Subject: Re: Buffer overrun in Redhat 5.0

The problem is that this only fixes traceroute rlogin, rsh, and ping are
most likely still vulnerable, they just put a check in to traceroute to
see if the hostname you gave it is too long..

This will still give you a segfault if say you did something like this:

traceroute somehost.com -g [lot's of XXX's]

which I'd expect would still be vulnerable.. and it is =/

wwong@nova:~/src/trace$ traceroute somehost.com -g $RET
bash# whoami
root
bash#

bash# rpm -qif /usr/sbin/traceroute
Name        : traceroute                  Distribution: Hurricane
Version     : 1.4a5                             Vendor: Red Hat Software
Release     : 5                             Build Date: Sun Dec 14
11:16:22 1997
Install date: Tue Dec 16 07:37:28 1997   Build Host: porky.redhat.com
Group       : Networking/Utilities          Source RPM:
traceroute-1.4a5-5.src.rpm
Size        : 30603
Packager    : Red Hat Software <[email protected]>
Summary     : traces the route packets take over a TCP/IP network
Description :
Traceroute prints the route packets take across a TCP/IP. The names (or
IP numbers if names are not available) of the machines which are routing
packets from the machine traceroute is running on to the destination
machine are printed, along with the time is took to receive a packet
acknowledgement from that machine. This tool can be very helpfull in
diagnosing networking problems.

-------------------------------------------------------------------------
   Wilton Wong                                BlackStar Communications
   URL: http://www.blackstar.net                     16121 - 57 Street
   Email: [email protected]                      Edmonton AB T5Y 2T1
   Tel: (403) 486-7783                             Fax: (403) 484-6004
-------------------------------------------------------------------------

On Tue, 16 Dec 1997, Ask [iso-8859-1] BjЬrn Hansen wrote:

>
> >Okay I noticed that if I ran tracroute  with a really long param it
> >segfaults and I wondered if I could exploit this, I could, I checked to
> >see that I didn't have a twisted version of traceroute, I didn't, so I
> >tried ping as well same result. That's when I posted.
>
> From the redhat website (errata page for redhat 5.0):
>
> Package: traceroute
>
> Updated: 15-Dec-1997
>
> Problem:
>
>        (15-Dec-1997) Security Fix: Fixes buffer overruns in traceroute.
>
> Solution:
>
>        Intel: Upgrade to traceroute-1.4a5-5.i386.rpm
>        Alpha: Upgrade to traceroute-1.4a5-5.alpha.rpm
>
>
> I would guess that it's this problems they have fixed. Better ask someone
> at redhat...
>
>
> kind regards,
>
> ask
>
> ---------------------------------------------------------------------
> ask bjoern hansen - Netcetera - Finsensvej 80 - DK-2000 Frederiksberg
> tlf 38 88 32 22 / 40 44 58 66 / 38 88 20 38 ext 341 - Fax 38 88 30 38
> Webdesign, Webhotel, Mailhotel, UUCP & more! http://www.netcetera.dk/
>
>
>

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру