I realize the threat is not huge but, some IDS consoles such as demarc
call whois from a web interface. If you have a poorly secured IDS console
an attacker could utilize an exploit in whois to run code on your IDS
console with the same permissions as a web user. Again, this is not Earth
shattering, and a lot would have to be 'broke' already for an attacker to
get much out of it, but it's atleast worth mentioning.

-Blake

On 31 Jan 2002, jon schatz wrote:

> On Thu, 2002-01-31 at 08:37, ladd harris wrote:
> > Testing the whois -p i also get a core dump on red
> > hat 7.1....tried two machines both seem effected.
> > whether it can be exploited i do not still need to do
> > more tests......
>
> but what are you going to exploit? i found this bug a while ago, but
> never reported it because
>
> 1) the (newer) whois-1.0.9-1 rpm fixed the problem, and
> 2) whois isn't setuid. and never needs to be
>
> so at most, you're talking about executing code as yourself, which you
> can do without a buffer overflow.
>
> -jon
>
> --
> jondivisionbyzero.com || www.divisionbyzero.com
> gpg key: www.divisionbyzero.com/pubkey.asc
> think i have a virus?: www.divisionbyzero.com/pgp.html
> "You are in a twisty little maze of Sendmail rules, all confusing."
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]