[1224] in bugtraq
bsd in.talkd+antiflash remote-remote hole
daemon@ATHENA.MIT.EDU (Julian Assange)
Fri Mar 10 13:16:20 1995
Date: Sat, 11 Mar 1995 02:00:47 +1100
From: Julian Assange <proff@suburbia.apana.org.au>
To: bugtraq@fc.net
line ~160 process.c
if (hp != (struct hostent *)0) {
char sys_buf[150];
int child;
caller_host=hp->h_name;
/*
SECURITY BUG - Proff
sprintf(sys_buf,"/etc/flash.mail %s",caller_host);
system(sys_buf);
*/
}
else
caller_host="unknown";
Modify your DNS hostfield to :
;any_command_you_want
Set a talk flash to the site running the in.talkd d, and guess what happens?
Cheers,
Julian Assange -Proff-