Subject: Re: Traceroute problems
From: Tim Robbins (fyrebox3n.gumbynet.org)
Date: Tue Aug 29 2000 - 18:54:35 CDT


On Mon, 28 Aug 2000, Chris Evans wrote:

> This one already got spotted. Despite looking harmless, it was almost
> exploitable. In fact it still might be...
>
> Is this version of traceroute actively maintained? If so, there's a few
> trivial patches floating around to drop privileges (apart from the
> raw socket) even earlier, before the command line is looked at and
> parsed. This patch has been hoovered up by RedHat in their BETA release.

Yes. The use of the -w, -q and packet length options had already been
spotted and reported on bugtraq in late 1999. The BSDs all seem to use
strdup() now instead of savestr(). There are quite a lot of patches
floating around, so I decided to combine these with the patch I released
earlier this week. The new patch is available at:

  http://box3n.gumbynet.org/~fyre/traceroute-1.4a5-misc.patch

A gzip'd copy of the patch is also attached to this message.

Tim

--
Tim Robbins
fyrebox3n.gumbynet.org

.. Now KEN and BARBIE are PERMANENTLY ADDICTED to MIND-ALTERING DRUGS.. - Zippy the pinhead
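
The ordering described in the quoted text above (keep the raw socket, drop privileges, and only then look at the command line), as an added sketch that is not taken from traceroute, from the referenced patch, or from either poster. The function names and the single numeric argument are hypothetical.

```c
/* Added example: raw socket first, privilege drop second, argv last. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid privileges. Returns 0 on success. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    /* Group first: once the uid is dropped the gid can no longer change. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* For a non-root caller, regaining root must now be impossible. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Open the one privileged resource, then drop. *sock is -1 when the raw
 * socket could not be opened (e.g. the binary is not set-uid root). */
int privileged_setup(int *sock)
{
    *sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    int saved = errno;
    int rc = drop_privileges();
    errno = saved;              /* keep socket()'s error for perror() */
    return rc;
}

int main(int argc, char **argv)
{
    int sock;
    /* Nothing from argv is read before this call returns. */
    if (privileged_setup(&sock) != 0) {
        fprintf(stderr, "failed to drop privileges\n");
        return 1;
    }
    if (sock < 0) {
        perror("raw socket");
        return 1;
    }
    /* Hypothetical option handling: first argument is a wait time. */
    long wait_s = argc > 1 ? strtol(argv[1], NULL, 10) : 5;
    printf("unprivileged with raw socket %d, wait=%ld\n", sock, wait_s);
    return 0;
}
```

With this ordering, a parsing bug in option handling runs with the invoking user's credentials and only the already-open raw socket, not with root.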