Re: Internet Auditing Project

From: David Luyer (luyerat_private)
Date: Sun Aug 15 1999 - 18:51:58 PDT

    The tool mentioned in this has a couple of show-stopper bugs, at least for
    my system.  The options default to -c on, the getopt doesn't accept c and
    the option parsing just turns it on anyway.  Also, the use of longjmp out
    of an alarm handler breaks things.  It should be siglongjmp and sigsetjmp.
    The second alarm signal never happens and the program hangs indefinitely.
    (this is Linux 2.0.37, glibc 2.1)
    
    For those who want to get it working quickly, here's a patch (gzipped,
    uuencoded, if you don't know how to decode/apply then you shouldn't be
    using the scanner anyway).
    
    [uuencoded attachment: bass-1.0.7.patch.gz]
    
    David.
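
An added example, not part of the original message or of the tool it discusses: a minimal C timeout built on sigsetjmp/siglongjmp that reports whether SIGALRM is still blocked after jumping out of the handler, the state that would keep a second alarm from ever arriving. POSIX leaves it unspecified whether plain longjmp restores the signal mask; `savemask=0` reproduces the case where it does not. The function name and the 20 ms timer are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700   /* sigaction, sigsetjmp, setitimer */
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>

static sigjmp_buf timeout_env;

/* SIGALRM is blocked while this handler runs (no SA_NODEFER). */
static void on_alarm(int sig)
{
    (void)sig;
    siglongjmp(timeout_env, 1);
}

/* Time out one blocking wait, then return 1 if SIGALRM is still blocked.
 * savemask=1 restores the pre-handler mask; savemask=0 does not. */
int alarm_blocked_after_timeout(int savemask)
{
    struct sigaction sa;
    struct itimerval it;
    sigset_t alrm, cur;
    sigemptyset(&alrm);
    sigaddset(&alrm, SIGALRM);
    sigprocmask(SIG_UNBLOCK, &alrm, NULL);   /* start from a known state */
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, NULL);
    if (sigsetjmp(timeout_env, savemask) == 0) {
        memset(&it, 0, sizeof it);
        it.it_value.tv_usec = 20000;         /* one-shot 20 ms timer */
        setitimer(ITIMER_REAL, &it, NULL);
        for (;;)
            pause();        /* stands in for a probe that never answers */
    }
    sigprocmask(SIG_SETMASK, NULL, &cur);    /* read the current mask */
    return sigismember(&cur, SIGALRM);
}

int main(void)
{
    printf("savemask=1: SIGALRM blocked = %d\n", alarm_blocked_after_timeout(1));
    printf("savemask=0: SIGALRM blocked = %d\n", alarm_blocked_after_timeout(0));
    return 0;
}
```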
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:56:24 PDT