[142] in linux-security and linux-alert archive
in.talkd+antiflash
daemon@ATHENA.MIT.EDU (Elias Levy)
Mon Mar 13 09:57:51 1995
Date: Mon, 13 Mar 1995 01:08:30 -0800 (PST)
From: Elias Levy <elias@power.net>
To: linux-security@tarsier.cv.nrao.edu
Reply-To: linux-security@tarsier.cv.nrao.edu
This message appeared in bugtraq and it applies to linux
in.talkd with the antiflash patches found in sunsite.
(What was that Olaf said? ALERT? :) )
---------- Forwarded message ----------
Date: Sat, 11 Mar 1995 02:00:47 +1100
From: Julian Assange <proff@suburbia.apana.org.au>
To: bugtraq@fc.net
Subject: bsd in.talkd+antiflash remote-remote hole
line ~160 process.c
	if (hp != (struct hostent *)0) {
		char sys_buf[150];
		int child;
		caller_host=hp->h_name;
		/*
		SECURITY BUG - Proff
		sprintf(sys_buf,"/etc/flash.mail %s",caller_host);
		system(sys_buf);
		*/
	}
	else
		caller_host="unknown";
Modify your DNS hostfield to :
;any_command_you_want
Set a talk flash to the site running the in.talkd d, and guess what happens?
Cheers,
Julian Assange -Proff-
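
Added example, not part of the original post or of the in.talkd source: one way to hand the caller's host name to a helper without a shell, since hp->h_name comes from DNS data the remote side controls and the quoted sprintf() into sys_buf[150] is also unbounded. The names is_safe_hostname and notify_flash and the helper parameter are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_HOSTNAME 255            /* DNS name length limit */

/* Return 1 only for names made of letters, digits, '-' and '.', with no
 * leading '-' or '.', so the value can never carry shell metacharacters
 * or be read as an option by the helper. */
int is_safe_hostname(const char *name)
{
    size_t i, len;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_HOSTNAME || name[0] == '-' || name[0] == '.')
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '-' && c != '.')
            return 0;
    }
    return 1;
}

/* Run the helper with the host as one argv element: no shell, no sprintf
 * into a fixed buffer. Returns the helper's exit status, or -1 if the
 * name is rejected or the helper could not be run. */
int notify_flash(const char *helper, const char *caller_host)
{
    pid_t pid;
    int status;

    if (!is_safe_hostname(caller_host))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl(helper, helper, caller_host, (char *)NULL);
        _exit(127);                 /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```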