[7933] in bugtraq


Re: security problems with jidentd

daemon@ATHENA.MIT.EDU (Scott Fuhrman)
Fri Sep 11 15:37:02 1998

Date: 	Fri, 11 Sep 1998 08:59:05 -0500
Reply-To: Scott Fuhrman <scru@TECHNOTRONIC.COM>
From: Scott Fuhrman <scru@TECHNOTRONIC.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <19980910202342.44830@execpc.com>

I believe this has been discussed before, but it wasn't given much attention.

At 08:23 PM 9/10/98 -0500, you wrote:
>Jidentd is linux-specific.  I do not know of any distributions that
>include jidentd, however there is a copy in the contrib area of
>RedHat's FTP site.  It is apparently popular among the irc crowd due
>to its ability to provide fake responses to queries.  It is believed
>that it often is run as root.  When run in standalone mode it provides
>no mechanism to drop privilege after binding its socket.

Another identd popular amongst irc patrons that falls into this category is
cidentd.  It offers the ability to fake responses via a user-defined
string, and the function that reads this string is vulnerable to buffer
overflows.  To my knowledge the program is not distributed with any Linux
distro, but it was (might be now) once recommended in the ircii-pana (BitchX)
documentation.
There is also a non-public exploit floating around for cidentd1.2b (I
believe) which will drop a local user into a root shell.  The program is
available somewhere on sunsite's labyrinth of an ftp server.
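
The unbounded read of a user-defined reply string described above, contrasted with a bounded one, as an added example that is not part of the original post and is not cidentd's code. The function names, the one-line file format, the 64-byte cap and the character whitelist are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FAKE_ID_MAX 64  /* assumed cap on the reply string, not cidentd's value */

/* Hypothetical helper: read one user-defined ident reply from `path` into
 * out[outlen]. Returns 0 on success, -1 on any error. Over-long input is
 * rejected outright, never truncated and never copied past a buffer. */
int read_fake_id(const char *path, char *out, size_t outlen)
{
    char line[FAKE_ID_MAX + 2];              /* text + '\n' + NUL */
    FILE *fp;
    size_t n, i;

    if (out == NULL || outlen == 0) return -1;
    out[0] = '\0';
    if ((fp = fopen(path, "r")) == NULL) return -1;
    if (fgets(line, sizeof line, fp) == NULL) { fclose(fp); return -1; }
    fclose(fp);

    n = strcspn(line, "\r\n");               /* length without line ending */
    if (n == 0 || n > FAKE_ID_MAX || n >= outlen) return -1;
    line[n] = '\0';
    for (i = 0; i < n; i++) {                /* assumed whitelist: printable */
        unsigned char c = (unsigned char)line[i];  /* ASCII, no separators */
        if (c < 0x21 || c > 0x7e || c == ':' || c == ',') return -1;
    }
    memcpy(out, line, n + 1);                /* n + 1 <= outlen, checked above */
    return 0;
}

/* Writes a constructed sample file so the demo runs offline. */
int write_sample(const char *path, const char *text)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    fputs(text, fp);
    return fclose(fp);
}

int main(void)
{
    char id[FAKE_ID_MAX + 1];
    if (write_sample("/tmp/fakeid.sample", "elvis\n") != 0) return 1;
    int rc = read_fake_id("/tmp/fakeid.sample", id, sizeof id);
    printf("rc=%d id=%s\n", rc, id);
    return 0;
}
```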
