[718] in linux-security and linux-alert archive


Re: [linux-security] libc bug exploited through ircII

daemon@ATHENA.MIT.EDU (lilo)
Fri May 10 15:37:16 1996

From: lilo <TaRDiS@mail.utexas.edu>
Date: Fri, 10 May 1996 12:57:41 -0500 (CDT)
To: zarquon@popalex1.linknet.net
cc: Linux Security <linux-security@tarsier.cv.nrao.edu>
In-Reply-To: <199605100531.AAA00234@dsrvlaf2-23.linknet.net>

On Fri, 10 May 1996 zarquon@popalex1.linknet.net wrote:

> The second argument is only supposed to consist of no more than 10
> digits, so writing a script to prevent this hack is simple:
> 
> /on ^raw_irc "% PRIVMSG % *DCC % % ???????????* *" {
>    echo Possible libc bug exploit received in DCC $4 from $0
> }
> 
> This will prevent DCC requests with a second argument of 11 characters
> or more from being processed by ircII, and should do the trick if you
> happen to be too lazy to update libc.

But, we know that bounds problems can often be exploited to achieve things
like shell access to the account on which they are run.  I think if you're
too lazy to update libc you're likely to be hit by the second or third
generation exploit, and the results may be nastier.  It's also likely that
exploit will be written against some inetd daemon, rather than ircII.


lilo
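
An added example, not part of the original messages or of ircII: the length rule from the quoted filter written as a C check that also rejects non-digit characters, which the glob pattern does not test. The function names, return codes, tokenizing on spaces, and the sample lines are assumptions made for illustration; as the reply argues, a check like this does not replace updating libc.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIGITS 10 /* limit stated in the quoted message */

/* Point *tok at the next space-delimited token, advance *p, return its length. */
static size_t next_token(const char **p, const char **tok)
{
    while (**p == ' ')
        (*p)++;
    *tok = *p;
    size_t n = strcspn(*p, " \001\r\n");
    *p += n;
    return n;
}

/* 0: no DCC request in the line; 1: second argument acceptable; -1: drop it. */
int check_dcc_line(const char *line)
{
    const char *p, *tok;
    size_t n, i;

    if (strstr(line, " PRIVMSG ") == NULL || (p = strstr(line, "\001DCC ")) == NULL)
        return 0;
    p += 5;                                   /* skip "\001DCC " */
    if (next_token(&p, &tok) == 0) return -1; /* DCC type ($4 in the filter) */
    if (next_token(&p, &tok) == 0) return -1; /* first argument */
    n = next_token(&p, &tok);                 /* second argument */
    if (n == 0 || n > MAX_DIGITS)
        return -1;                            /* empty, or 11+ characters */
    for (i = 0; i < n; i++)
        if (!isdigit((unsigned char)tok[i]))
            return -1;                        /* length fits but not a digit */
    return 1;
}

int main(void)
{
    /* Constructed sample lines, not captured traffic. */
    const char *samples[] = {
        ":a!b@c PRIVMSG me :\001DCC SEND file 3232235777 1234\001",
        ":a!b@c PRIVMSG me :\001DCC SEND file 32322357771 1234\001",
        ":a!b@c PRIVMSG me :\001DCC CHAT chat 12ab 1234\001",
        ":a!b@c PRIVMSG me :hello",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d\n", check_dcc_line(samples[i]));
    return 0;
}
```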
