holo,

i find something when i try portmon out for a ride.

this is the home of portmon - http://aboleo.net/software/portmon/

portmon is software that replaces shell script ping & cron to test the hosts.

this is what i find - portmon 1.8 and earlier buffer overflow:

[user@localhost]# export USER=`perl -e 'print "A" x 666'`
/* 110 suffice but i like 66 since the vendor is named old nik! ! */
[user@localhost]# /usr/local/bin/portmon -c devilzride.txt
Segmentation fault (core dumped)

bad code in portmon.c

sprintf(err_msg, "Portmon started by user %s\n", getenv("USER"));

err_msg declare as a -

err_msg = (char *)malloc(128 * sizeof(char));

1.8 is no longer suid root ! probably not an exploitation (in <=1.7) becuz there is nothing on heap to write over and n1xo does not like to use the free() (teehe, grep free turns up the dust, who needs the free() anyhow!) .. maybe you find a way ?

USER is not a trusted one and you can spoof the logs or trash the files by exploit this guy in <1.8:

portmon -l /etc/shadow

see - http://www.securityfocus.com/archive/1/325653/2003-06-15/2003-06-21/0

fix : n1xo said he make a code to fix this one. ask him : Nik Reiman <nikat_private>

greetz : tsat_private is the only one werth the props !
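A bounded, sanitizing replacement for the sprintf() call quoted in the post, given here as an added example; it is not portmon's code and not the fix the post says the vendor is writing. The names format_start_msg and sanitize_name and the 64-byte cap on the logged name are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ERR_MSG_LEN 128   /* same size the post reports for err_msg */

/* Copy an untrusted name, replacing control/non-printable bytes with '?'
 * so a value containing "\n" cannot forge extra log lines. */
static void sanitize_name(char *dst, size_t dstlen, const char *src)
{
    size_t i = 0;
    if (dstlen == 0) return;
    if (src == NULL) src = "(unknown)";
    for (; src[i] != '\0' && i + 1 < dstlen; i++)
        dst[i] = isprint((unsigned char)src[i]) ? src[i] : '?';
    dst[i] = '\0';
}

/* Bounded form of the sprintf() call from the post.
 * Returns 0 if the whole message fit, 1 if it was truncated, -1 on error.
 * dst is always NUL-terminated and never written past dstlen bytes. */
int format_start_msg(char *dst, size_t dstlen, const char *user)
{
    char clean[64];   /* hypothetical cap on the logged name length */
    int n;

    if (dst == NULL || dstlen == 0) return -1;
    sanitize_name(clean, sizeof clean, user);
    n = snprintf(dst, dstlen, "Portmon started by user %s\n", clean);
    if (n < 0) { dst[0] = '\0'; return -1; }
    return (size_t)n >= dstlen ? 1 : 0;
}

int main(void)
{
    char *err_msg = malloc(ERR_MSG_LEN * sizeof(char));
    if (err_msg == NULL) return 1;
    /* USER comes from the caller's environment and is untrusted input. */
    int rc = format_start_msg(err_msg, ERR_MSG_LEN, getenv("USER"));
    printf("rc=%d len=%zu msg=%s", rc, strlen(err_msg), err_msg);
    free(err_msg);
    return 0;
}
```

Since USER can be set to anything by the caller, a program that needs the real account name for its log would look it up from the process's uid (for example with getpwuid(getuid())) instead of reading the environment.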
This archive was generated by hypermail 2b30 : Wed Jun 25 2003 - 09:20:53 PDT