[7153] in bugtraq
Re: Sun libnsl lameness
daemon@ATHENA.MIT.EDU (nicholas harteau)
Thu Jul 2 13:22:47 1998
Date: Thu, 2 Jul 1998 00:44:20 -0500
Reply-To: nicholas harteau <nrh@SFX.COM>
From: nicholas harteau <nrh@SFX.COM>
X-To: George Clooney <madatsun@hotmail.com>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19980701234159.12828.qmail@hotmail.com>; from George Clooney on
Wed, Jul 01, 1998 at 04:41:58PM -0700
it should be noted that ssh and sshd make use of insecure functions as
mentioned below.
[root@squig ~/work/ssh/ssh-1.2.25] nm sshd | egrep 'getnetname|getsecretkey'
[428] | 372268| 0|FUNC |GLOB |0 |UNDEF |getnetname
[527] | 372280| 0|FUNC |GLOB |0 |UNDEF |getsecretkey
[root@squig ~/work/ssh/ssh-1.2.25] nm ssh | grep getnetname
[416] | 356736| 0|FUNC |GLOB |0 |UNDEF |getnetname
George Clooney wrote:
> Functions we have found vulnerable:
>
> Vulnerable key functions
> ---------------------------------------------------
> getsecretkey () : Calls getkeys_nis ()
>
>
> Vulnerable RPC functions
> ----------------------------------------------------
> getnetname () : Calls host2netname ()
--
nicholas harteau
nrh@sfx.com
