On Sun, Jul 21, 2002 at 02:09:24PM +0200, SpaceWalker wrote: > -This exploit will never be used to haxor something because I never > saw this traceroute used by default Well, SuSE has been using Nanog traceroute for ages; at least since 7.0 but probably longer. OTOH, the bug isn't very new either. The nktib package in SuSE Linux 7.0 has a patch for this vulnerability dated 2000/10/03 14:12:43. Finally, let me remark that your exploit has a minor bug in detecting vulnerable versions. Using the attached patch it will properly recognize patched versions of traceroute :) Cheers Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okirat_private | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann
This archive was generated by hypermail 2b30 : Wed Jul 24 2002 - 11:32:56 PDT