[917] in linux-security and linux-alert archive
[linux-security] Re: identd hole?
daemon@ATHENA.MIT.EDU (Dave G.)
Wed Jul 17 11:09:14 1996
From: "Dave G." <daveg@escape.com>
To: bugtraq@netspace.org
Date: Tue, 16 Jul 1996 10:15:49 -0400 (EDT)
Cc: linux-security@tarsier.cv.nrao.edu, blh@nol.net
As far as I know, there is no buffer overflow in atoi() under linux.
This rumor was started when there was a problem in some IRC clients. At
the time I took a look at atoi() and strtol(). Not only were there no
buffer overflows, there were no buffers at all :).
I haven't seen any evidence that he was actually hacked via ident.
Actually his description hasnt even explicitly stated that the intruder
got in.
[Mod: In a subsequent post to Bugtraq, Brett stated: "After several
hours of checking logs and other material I've come to the realization
that the hack used to attack one of my machines was indeed the
sendmail/identd hack referenced some time ago." Exactly what log
entries, etc., led him to this conclusion is unknown to me at this time.
--Jeff.]
Brett: You said you caught hime with a login process. Did the ps say
'login blah etc...' or 'bash' or 'sh' or 'tcsh'. Since you havent had a
chance to check it, you dont know whether he just managed to launch
denial of service attacks on it.