Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: Sun libnsl lameness

Re: Sun libnsl lameness

nicholas harteau (nrhSFX.COM)
Thu, 2 Jul 1998 00:44:20 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Herbert Rosmanith: "pop_msg in debian/qpopper: core, but no exploit"
Previous message: Michal Zalewski: "ircd 2.9.5 & ircii-pana DNS problems"
In reply to: George Clooney: "Sun libnsl lameness"
Next in thread: Andy Polyakov: "Re: Sun libnsl lameness"

it should be noted that ssh and sshd make use of insecure functions as
mentioned below.

[rootsquig ~/work/ssh/ssh-1.2.25] nm sshd | egrep 'getnetname|getsecretkey'
[428]   |    372268|       0|FUNC |GLOB |0    |UNDEF  |getnetname
[527]   |    372280|       0|FUNC |GLOB |0    |UNDEF  |getsecretkey
[rootsquig ~/work/ssh/ssh-1.2.25] nm ssh | grep getnetname
[416]   |    356736|       0|FUNC |GLOB |0    |UNDEF  |getnetname


George Clooney wrote:
>                Functions we have found vulnerable:
>
>                Vulnerable key functions
>                ---------------------------------------------------
>                getsecretkey ()         : Calls getkeys_nis ()
>
>
>                Vulnerable RPC functions
>                ----------------------------------------------------
>                getnetname ()           : Calls host2netname ()

--
nicholas harteau
nrhsfx.com

Next message: Herbert Rosmanith: "pop_msg in debian/qpopper: core, but no exploit"
Previous message: Michal Zalewski: "ircd 2.9.5 & ircii-pana DNS problems"
In reply to: George Clooney: "Sun libnsl lameness"
Next in thread: Andy Polyakov: "Re: Sun libnsl lameness"