Date: Sun, 2 Jan 2000 13:00:52 -0800
From: Alfred Huger <[email protected]>
To: [email protected]Subject: Y2K bug in Shadow IDS
As taken from the Incidents mailing list at SecurityFocus.com:
To:
Incidents
Subject:
Y2K bug in Shadow IDS
Date:
Sun Jan 02 2000 05:57:58
Author:
Patrick Oonk
Message-ID:
<[email protected]>
Hi,
The shadow IDS contains a programming mistake that breaks
many scripts in the suite. The author assumed at some point
that the output of the year value in Perl's date functions
is a 2 digit number which it isn't. In 2000 the value
of $year is '100'.
I made a small fix which still is not pretty, but going
to a 4 digit year would break many other things in the scripts,
and this fix will work for the next 99 years anyway :)
I changed the top of 'sensor/variables.ph' into
# We need various timestamps all over the place
@T = localtime;
if ($T[5] > 99) {
$T[5] -= 100;
}
By the way, the Shadow perl scripts also use /tmp a lot with
predictable file names, so local exploits are possible,
but this is more of a Bugtraq issue I guess.
p.
--
Patrick Oonk - PO1-6BONE - [email protected] - www.pine.nl/~patrick
Pine Internet B.V. GOAT666-RIPE PGP key ID BE7497F1
Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/
-- Pine Security Digest - http://security.pine.nl/ (Dutch) ----
Excuse of the day: Your excuse is: it has Intel Inside
