[713] in linux-security and linux-alert archive
Re: [linux-security] Bounds checking problem, apparently with libc >5.0.0 <5.3.9
daemon@ATHENA.MIT.EDU (lilo)
Thu May 9 17:44:59 1996
From: lilo <TaRDiS@mail.utexas.edu>
Date: Thu, 9 May 1996 12:16:42 -0500 (CDT)
To: Synthesizer Punk <lharring@tessier.com>
cc: lilo <TaRDiS@mail.utexas.edu>,
Linux Security List <linux-security@tarsier.cv.nrao.edu>
In-Reply-To: <Pine.LNX.3.93.960509071707.90A-100000@neo-can.netline.net>
On Thu, 9 May 1996, Synthesizer Punk wrote:
> This is an old 'exploit' if you will call it that. I won't provide
> specifics, for obvious reasons, but I will say that it uses the client to
> client protocol to fake a direct client connection send. I haven't gotten
> a chance to really look at it, but I've been testing it on idiots in the
> #warez channels (My testing grounds, no one cares what happens to them :P)
> and it seems as if it works about 1/5th of the time. Some scripts even
> gave me a dirty reply stating (quote) 'Try that backdoor somewhere else
> ASSHOLE!'. That one gave me a shock. :) I scanned it over in JED, (8 bit
> clean) and I noticed a reference to /bin/sh. If lilo doesn't want to
> provide the information, I will. A basic solve would be to ignore all
> CTCPs if you find your client is exposed to this:
> /ignore * ctcp
Problem being that it's been recycled to show a difficulty with libc, even
if your client is not susceptible to the original problem (recent ircII
doesn't seem to be).
The new problem would be a bounds checking problem with libc, it appears,
since it is corrected by updating libc.
Um, anyone who has to do /ignore * ctcp probably needs to upgrade their
client, since ctcp functions are fairly handy things. But that's a separate
issue for another time, and probably another venue....
Anyway, I've posted the exploit as an attachment to a previous message. If
your client is susceptible to the original backdoor (most aren't at this
point), upgrade it. If you are running libc >5.0.0 < 5.3.9 or so, upgrade
it. Any information on the character of the libc problem would be
appreciated; the irc backdoor is pretty much old hat.
lilo
