Multiple Vendor "talkd" user validation fault.

From: Tekno pHReak (tekat_private)
Date: Wed Apr 03 2002 - 08:43:46 PST

    ***** This writing is part of Malloc() Hackers & Malloc() Security *****

    	http://www.mallochackers.com
    	http://www.superw00t.com
    ************************************************************************

    Title: Multiple Vendor "talkd" user validation fault.
    ~~~~~

    Author: Teknophreak of Malloc()
    ~~~~~~

    Contact: "Teknophreak" - (tekat_private)
    ~~~~~~~

    No modification of the contents of this file should be made
    without direct consent of the author or of Malloc() hackers or
    Malloc() Security.
    ************************************************************************


    "talk" is a program available on multiple *nix OSes which allows
    users to communicate within a system and/or remotely.
    
    
    There exists a flaw within "talkd" which allows anyone to masquerade
    as anyone else, either remotely or within the confines of the system.
    This is due to the lack of user validation by "talkd" for incoming
    "talk" requests. This may be a catalyst for social engineering, which
    can lead to the revealing of private or sensitive information from
    other users.
    
    
    Identification of User Masquerading
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    If someone initiates a talk request with "talksp00f" that appears to
    come from the user "root", for example, you should check whether the
    root user is actually logged in. If he is not, you can monitor the
    system processes and figure out who is initiating the bogus talk
    request.

    Also, if the user that is supposedly initiating the talk request to
    you *is* logged in, check that user's processes to see if he is
    actually initiating the talk request to you.
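
The two checks described above, written as POSIX shell functions. This is an added example, not part of the original advisory or the author's tool. The function names, the sample data, and the client names "talk" and "ytalk" are assumptions, and it only covers requests that claim a sender on the local system.

```sh
#!/bin/sh
# Added example: sanity-check the claimed sender of a local talk request.
# Inputs are passed as text so the logic also runs on captured output.
# Live use (assumed invocation):
#   classify_request root "$(id -un)" "$(who)" "$(ps -e -o user= -o pid= -o args=)"

# Constructed sample data, not taken from a real system.
WHO_SAMPLE='alice    pts/0   Apr  3 08:10 (10.0.0.5)
bob      pts/1   Apr  3 08:30 (10.0.0.6)'
PS_SAMPLE='root       1 /sbin/init
alice    412 -bash
bob      733 talk carol
bob      801 /usr/bin/talk alice@localhost'

# is_logged_in USER WHO_TEXT: succeeds if USER owns a login session.
is_logged_in() {
    printf '%s\n' "$2" | awk -v u="$1" '$1 == u { f = 1 } END { exit !f }'
}

# has_talk_to USER TARGET PS_TEXT: succeeds if USER runs a talk client
# whose first argument is TARGET (optionally TARGET@host).
# Client names "talk" and "ytalk" are an assumption; extend as needed.
has_talk_to() {
    printf '%s\n' "$3" | awk -v u="$1" -v me="$2" '
        $1 == u {
            cmd = $3; sub(/.*\//, "", cmd)   # basename of the command
            tgt = $4; sub(/@.*/, "", tgt)    # drop any @host suffix
            if ((cmd == "talk" || cmd == "ytalk") && tgt == me) f = 1
        }
        END { exit !f }'
}

# classify_request CLAIMED TARGET WHO_TEXT PS_TEXT
# prints: spoofed   - claimed sender has no login session
#         suspect   - logged in, but no talk client addressed to TARGET
#         plausible - logged in and running talk towards TARGET
classify_request() {
    if ! is_logged_in "$1" "$3"; then
        echo spoofed
    elif has_talk_to "$1" "$2" "$4"; then
        echo plausible
    else
        echo suspect
    fi
}
```

A "suspect" or "spoofed" result is the cue to go through the process list by hand, as the advisory suggests, to find which account actually generated the request.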
    
    
    Exploitation
    ~~~~~~~~~~~~
    
    "Talksp00f" written by: Teknophreak of Malloc()
    Download: http://www.superw00t.com/projects/talkspoof.tar.gz
    


