The problem is that this only fixes traceroute; rlogin, rsh, and ping are
most likely still vulnerable. They just put a check in to traceroute to see
if the hostname you gave it is too long. This will still give you a
segfault if, say, you did something like this:

traceroute somehost.com -g [lots of XXX's]

which I'd expect would still be vulnerable.. and it is =/

wwong@nova:~/src/trace$ traceroute somehost.com -g $RET
bash# whoami
root
bash#
bash# rpm -qif /usr/sbin/traceroute
Name        : traceroute                   Distribution: Hurricane
Version     : 1.4a5                              Vendor: Red Hat Software
Release     : 5                              Build Date: Sun Dec 14 11:16:22 1997
Install date: Tue Dec 16 07:37:28 1997       Build Host: porky.redhat.com
Group       : Networking/Utilities           Source RPM: traceroute-1.4a5-5.src.rpm
Size        : 30603
Packager    : Red Hat Software <bugsat_private>
Summary     : traces the route packets take over a TCP/IP network
Description :
Traceroute prints the route packets take across a TCP/IP. The names (or IP
numbers if names are not available) of the machines which are routing
packets from the machine traceroute is running on to the destination machine
are printed, along with the time is took to receive a packet acknowledgement
from that machine. This tool can be very helpfull in diagnosing networking
problems.

-------------------------------------------------------------------------
Wilton Wong                       BlackStar Communications
URL: http://www.blackstar.net     16121 - 57 Street
Email: wwongat_private            Edmonton AB T5Y 2T1
Tel: (403) 486-7783               Fax: (403) 484-6004
-------------------------------------------------------------------------

On Tue, 16 Dec 1997, Ask Bjørn Hansen wrote:

>
> >Okay I noticed that if I ran traceroute with a really long param it
> >segfaults and I wondered if I could exploit this, I could, I checked to
> >see that I didn't have a twisted version of traceroute, I didn't, so I
> >tried ping as well same result. That's when I posted.
>
> From the redhat website (errata page for redhat 5.0):
>
> Package: traceroute
>
> Updated: 15-Dec-1997
>
> Problem:
>
> (15-Dec-1997) Security Fix: Fixes buffer overruns in traceroute.
>
> Solution:
>
> Intel: Upgrade to traceroute-1.4a5-5.i386.rpm
> Alpha: Upgrade to traceroute-1.4a5-5.alpha.rpm
>
>
> I would guess that it's this problem they have fixed. Better ask someone
> at redhat...
>
>
> kind regards,
>
> ask
>
> ---------------------------------------------------------------------
> ask bjoern hansen - Netcetera - Finsensvej 80 - DK-2000 Frederiksberg
> tlf 38 88 32 22 / 40 44 58 66 / 38 88 20 38 ext 341 - Fax 38 88 30 38
> Webdesign, Webhotel, Mailhotel, UUCP & more! http://www.netcetera.dk/
>
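
Added example, not part of the original post and not traceroute's or Red Hat's code: the post's point is that length-checking only the hostname leaves other arguments such as -g on an unchecked path. The C sketch below sends every command-line string through one bounded copy; the buffer size ARGBUF, the struct, and the simplified "host [-g gateway]" syntax are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define ARGBUF 64  /* assumed fixed buffer size; not taken from traceroute's source */

struct trace_args {
    char host[ARGBUF];
    char gateway[ARGBUF];  /* value of -g, empty if not given */
};

/* Copy src into dst only if it fits with its terminating NUL; -1 if too long. */
static int checked_copy(char *dst, size_t dstlen, const char *src)
{
    const char *end = memchr(src, '\0', dstlen);
    if (end == NULL)
        return -1;
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Parse "prog host [-g gateway]" (hypothetical, simplified command line).
 * Every user-supplied string takes the same bounded path, so an overlong
 * -g value is rejected exactly like an overlong hostname. */
int parse_args(int argc, char **argv, struct trace_args *out)
{
    int i, have_host = 0;
    memset(out, 0, sizeof *out);
    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-g") == 0) {
            if (++i >= argc || checked_copy(out->gateway, sizeof out->gateway, argv[i]) != 0)
                return -1;
        } else if (!have_host) {
            if (checked_copy(out->host, sizeof out->host, argv[i]) != 0)
                return -1;
            have_host = 1;
        } else {
            return -1;  /* unexpected extra argument */
        }
    }
    return have_host ? 0 : -1;
}

int main(void)
{
    char longarg[200];  /* constructed overlong input */
    struct trace_args a;
    memset(longarg, 'X', sizeof longarg - 1);
    longarg[sizeof longarg - 1] = '\0';
    char *argv[] = { "traceroute", "somehost.com", "-g", longarg };
    printf("overlong -g: %s\n", parse_args(4, argv, &a) ? "rejected" : "accepted");
    return 0;
}
```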
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:36:17 PDT