[2507] in bugtraq
Re: bind() Security Problems
daemon@ATHENA.MIT.EDU (Baba Z Buehler)
Mon Feb 5 19:57:22 1996
Date: Mon, 5 Feb 1996 10:27:17 -0600
Reply-To: Baba Z Buehler <baba@beckman.uiuc.edu>
From: Baba Z Buehler <baba@beckman.uiuc.edu>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: Your message of "Thu, 01 Feb 1996 20:48:25 EST."
<Pine.LNX.3.91.960201204325.135H-100000@redbox.newhackcity.net>
General Scirocco <sciri@newhackcity.net> writes:
> Cracking the MIT-MAGIC-COOKIE-1 authorization protocol.
>
> 1) Auth-data is generated from 16 successive random numbers.
> MIT-MAGIC-COOKIE-1 can use 2 different methods of seeding the random
> number generator:
>
> a) Using the process ID of xdm client & time of day in seconds
> b) Using the time of day in seconds & time of day in microseconds
> (that connection was established).
I believe that xdm is what is generating the cookies in these ways... this is
why my login scripts make my cookies...

    randomkey=$( (ps -aewl;netstat -i;netstat -t;date) | md5 );
    xauth add $(hostname)/unix:0 . $randomkey
    xauth add $(hostname):0 . $randomkey
    unset randomkey

While generating more secure cookies, this still doesn't prevent sniffing and
hijacking.
b
--
# Baba Z Buehler - 'Hackito Ergo Sum'
# Beckman Institute Systems Services, Urbana Illinois
#
# "I only use my gun when kindness fails"
# -- Robert Earl Keen, Jr.
#
# PGP public key on WWW homepage and key servers (key id: C13D8EE1)
# WWW: http://www.beckman.uiuc.edu/~baba/
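
Added example, not part of the original message: the same login-script idea as in the reply above, but taking the 128-bit MIT-MAGIC-COOKIE-1 value from the kernel CSPRNG instead of pid/time seeds or a hash of process and network listings. It assumes /dev/urandom and xauth are available; the function names gen_cookie, valid_cookie and install_cookie are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes /dev/urandom exists
# and, for install_cookie only, that xauth is on PATH.

# gen_cookie: print 128 bits from /dev/urandom as 32 lowercase hex digits.
gen_cookie() {
    od -An -N16 -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# valid_cookie: succeed only if $1 is exactly 32 lowercase hex digits.
valid_cookie() {
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# install_cookie: register one cookie under both the local and the TCP
# display name, as the login script in the post does.
# $1 = display number (default 0).
install_cookie() {
    dpy="${1:-0}"
    cookie="$(gen_cookie)"
    # Refuse to install a truncated value if the read came up short.
    valid_cookie "$cookie" || {
        echo "short read from /dev/urandom" >&2
        return 1
    }
    host="$(hostname)"
    umask 077    # a newly created authority file stays private to the user
    # "." is xauth's abbreviation for the MIT-MAGIC-COOKIE-1 protocol name.
    xauth add "${host}/unix:${dpy}" . "$cookie" &&
        xauth add "${host}:${dpy}" . "$cookie"
    status=$?
    unset cookie
    return "$status"
}
```

Sourcing the file defines the functions without touching the authority file; calling install_cookie from a login script performs the xauth updates.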