Y2K bug in Shadow IDS
Subject: Y2K bug in Shadow IDS
From: Alfred Huger (ah SECURITYFOCUS.COM)
Date: Sun Jan 02 2000 - 15:00:52 CST
As taken from the Incidents mailing list at SecurityFocus.com:
To: Incidents
Subject: Y2K bug in Shadow IDS
Date: Sun Jan 02 2000 05:57:58
Author: Patrick Oonk
Message-ID: <20000102135758.C11780 pine.nl>
Hi,

The Shadow IDS contains a programming mistake that breaks
many scripts in the suite. The author assumed at some point
that the output of the year value in Perl's date functions
is a 2 digit number, which it isn't. In 2000 the value
of $year is '100'.

I made a small fix which still is not pretty, but going
to a 4 digit year would break many other things in the scripts,
and this fix will work for the next 99 years anyway :)

I changed the top of 'sensor/variables.ph' into

    # We need various timestamps all over the place
    @T = localtime;
    if ($T[5] > 99) {
        $T[5] -= 100;
    }

By the way, the Shadow Perl scripts also use /tmp a lot with
predictable file names, so local exploits are possible,
but this is more of a Bugtraq issue I guess.

p.
--
Patrick Oonk - PO1-6BONE - patrickpine.nl - www.pine.nl/~patrick
Pine Internet B.V. GOAT666-RIPE PGP key ID BE7497F1
Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/
-- Pine Security Digest - http://security.pine.nl/ (Dutch) ----
Excuse of the day: Your excuse is: it has Intel Inside
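
The year handling described in the message above, as an added example that is not part of the original post or of the Shadow distribution. The function names and the YYMMDDHH stamp layout are hypothetical, and the sample times are constructed; it compares the two-digit assumption, the post's workaround, and a four-digit stamp across the 1999/2000 rollover, and checks whether each form still sorts in time order.

```perl
#!/usr/bin/perl
# Added illustration; not code from the Shadow distribution.
use strict;
use warnings;
use Time::Local qw(timegm);
use POSIX qw(strftime);

# Element 5 of the localtime/gmtime list is "years since 1900", not a
# two-digit year: 99 for 1999, 100 for 2000, 101 for 2001.

# The assumption the post describes: element 5 used as if it were "YY".
# The YYMMDDHH layout is a hypothetical stamp format for this example.
sub stamp_naive {
    my @T = gmtime(shift);
    return sprintf("%02d%02d%02d%02d", $T[5], $T[4] + 1, $T[3], $T[2]);
}

# The workaround from the post: fold 100..199 back to 00..99.
sub stamp_windowed {
    my @T = gmtime(shift);
    $T[5] -= 100 if $T[5] > 99;
    return sprintf("%02d%02d%02d%02d", $T[5], $T[4] + 1, $T[3], $T[2]);
}

# Four-digit alternative: strftime's %Y applies the 1900 offset itself.
sub stamp_full {
    return strftime("%Y%m%d%H", gmtime(shift));
}

# True when the stamps, sorted as strings, are still in time order.
sub keeps_time_order {
    my @stamps = @_;
    return join(",", sort @stamps) eq join(",", @stamps) ? "yes" : "no";
}

# Constructed sample times on both sides of the rollover (UTC),
# listed in chronological order.
my @samples = (
    timegm(0, 0, 23, 31, 11, 1999),    # 1999-12-31 23:00
    timegm(0, 0,  0,  1,  0, 2000),    # 2000-01-01 00:00
);

my %forms = (naive => \&stamp_naive, windowed => \&stamp_windowed,
             full  => \&stamp_full);
for my $name (sort keys %forms) {
    my @stamps = map { $forms{$name}->($_) } @samples;
    printf "%-9s %-22s sorts in time order: %s\n",
        $name, join(" ", @stamps), keeps_time_order(@stamps);
}
```

The windowed stamps are the right width again, but anything that orders records by those strings will place January 2000 before December 1999.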
This archive was generated by hypermail 2b27 : Sun Jan 02 2000 - 15:38:49 CST