Blake Frantz wrote:
>
> I realize the threat is not huge but, some IDS consoles such as demarc
> call whois from a web interface. If you have a poorly secured IDS console
> an attacker could utilize an exploit in whois to run code on your IDS
> console with the same permissions as a web user. Again, this is not Earth
> shattering, and a lot would have to be 'broke' already for an attacker to
> get much out of it, but it's at least worth mentioning.
>
> -Blake
>
> On 31 Jan 2002, jon schatz wrote:
>
> > On Thu, 2002-01-31 at 08:37, ladd harris wrote:
> > > Testing the whois -p i also get a core dump on red
> > > hat 7.1....tried two machines both seem affected.
> > > whether it can be exploited i do not still need to do
> > > more tests......
> >
> > but what are you going to exploit? i found this bug a while ago, but
> > never reported it because
> >
> > 1) the (newer) whois-1.0.9-1 rpm fixed the problem, and
> > 2) whois isn't setuid. and never needs to be
> >
> > so at most, you're talking about executing code as yourself, which you
> > can do without a buffer overflow.
> >
> > -jon
> >
> > --
> > jonat_private || www.divisionbyzero.com
> > gpg key: www.divisionbyzero.com/pubkey.asc
> > think i have a virus?: www.divisionbyzero.com/pgp.html
> > "You are in a twisty little maze of Sendmail rules, all confusing."
>

This looks like a null pointer dereference and is probably the result of a missing NULL test before attempting to use strlen. It's a mistake but it's unlikely that it's an actual vulnerability.

-Jeff

--
http://jeff.wwti.com (pgp key available)
"Common sense is the collection of prejudices acquired by age eighteen." - Albert Einstein
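The bug class named in the last message (strlen on a pointer that was never tested for NULL), as an added C example that is not part of the original thread and is not whois source code. It assumes the crash path is an option whose value was never supplied and treats `-p` as taking a port number; the function names and the sample argument vectors are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

/* Hypothetical option handlers, NOT whois source. Each returns the port
 * given after "-p", 0 if "-p" is absent, or -1 if the value is bad. */

/* Unchecked form: argv[argc] is NULL by the C standard, so "-p" as the
 * last argument hands NULL to strlen() and the process segfaults. */
int port_unchecked(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-p") == 0) {
            char *val = argv[i + 1];      /* NULL when -p is last */
            if (strlen(val) > 5)          /* NULL dereference happens here */
                return -1;
            return atoi(val);
        }
    }
    return 0;
}

/* Checked form: test for NULL/empty first, then validate the number. */
int port_checked(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-p") != 0)
            continue;
        const char *val = argv[i + 1];
        if (val == NULL || *val == '\0')
            return -1;                    /* missing option value */
        char *end;
        errno = 0;
        long n = strtol(val, &end, 10);
        if (errno != 0 || *end != '\0' || n < 1 || n > 65535)
            return -1;                    /* not a valid port number */
        return (int)n;
    }
    return 0;
}

int main(void)
{
    char *bad[] = { "whois", "-p", NULL };                  /* constructed */
    char *ok[]  = { "whois", "-p", "43", "example.com", NULL };
    printf("missing value -> %d\n", port_checked(2, bad));
    printf("valid value   -> %d\n", port_checked(4, ok));
    return 0;
}
```

The unchecked form reads address zero rather than writing past a buffer, so the result is a crash of a non-setuid process, which matches the assessment in the thread.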
This archive was generated by hypermail 2b30 : Fri Feb 01 2002 - 13:45:50 PST