[1224] in bugtraq


bsd in.talkd+antiflash remote-remote hole

daemon@ATHENA.MIT.EDU (Julian Assange)
Fri Mar 10 13:16:20 1995

Date: Sat, 11 Mar 1995 02:00:47 +1100
From: Julian Assange <proff@suburbia.apana.org.au>
To: bugtraq@fc.net



line ~160 process.c

          if (hp != (struct hostent *)0) {
             char sys_buf[150];
             int child;
             caller_host=hp->h_name;
/*
             SECURITY BUG - Proff
             sprintf(sys_buf,"/etc/flash.mail %s",caller_host);
             system(sys_buf);
*/
          }
          else
            caller_host="unknown";

Modify your DNS hostfield to:

	;any_command_you_want

Set a talk flash to the site running the in.talkd d, and guess what happens?

Cheers,
	Julian Assange -Proff-
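
An added example, not part of the original post or of the talkd source: one way to hand a resolver-supplied name to `/etc/flash.mail` without a shell and without the fixed 150-byte `sprintf` buffer. The function names `hostname_is_safe` and `run_flash_helper` are hypothetical, and the sample names in `main` are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only letters, digits, '-' and '.', with no leading '-' or '.',
 * so shell metacharacters such as ';' never reach the helper. */
int hostname_is_safe(const char *h)
{
    size_t i, n;
    if (h == NULL || (n = strlen(h)) == 0 || n > 255)
        return 0;
    if (h[0] == '-' || h[0] == '.')
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)h[i];
        if (!isalnum(c) && c != '-' && c != '.')
            return 0;
    }
    return 1;
}

/* Run helper with caller_host as one argv entry: no shell parses the
 * string and no fixed-size buffer is filled. Returns the helper's exit
 * status, or -1 if the name is rejected or the helper cannot be run. */
int run_flash_helper(const char *helper, const char *caller_host)
{
    pid_t pid;
    int status;
    if (!hostname_is_safe(caller_host))
        return -1;                 /* rejected before any process starts */
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execl(helper, helper, caller_host, (char *)NULL);
        _exit(127);                /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed names, as a reverse lookup might return them. */
    printf("%d %d\n", hostname_is_safe("host.example.org"),
           hostname_is_safe(";any_command_you_want"));
    return 0;
}
```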
