[2916] in bugtraq
Re: rdist exploit [bsdi]
daemon@ATHENA.MIT.EDU (Andrew Kosyakov)
Sun Jul 14 17:42:55 1996
Date: Sun, 14 Jul 1996 13:41:44 +0300
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Andrew Kosyakov <caseq@sharks.kylmedia.fi>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Hi!
Quoting Andrew N. Edmond:
> chflags noschg /usr/bin/rdist # must take off immutable flag!
> chmod 000 /usr/bin/rdist # wipe all functionality from this prog
> Looking forward to a source patch, for sure!
I fixed it this way. At least it fixes the hole that is exploited in
Brian Mitchell's script, but I'm unsure about others -- I'm getting paranoid,
too :-)
--- lookup.c.old Fri May 27 16:32:33 1994
+++ lookup.c Fri Jul 12 14:06:13 1996
@@ -126,11 +126,12 @@
register unsigned n;
register char *cp;
register struct syment *s;
- char buf[256];
+ char *buf=alloca(strlen(name)+50);
if (debug)
printf("lookup(%s, %d, %x)\n", name, action, value);
+ if (buf==NULL) fatal("ran out of memory");
n = 0;
for (cp = name; *cp; )
n += *cp++;
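Review bot: the added test "if (buf==NULL) fatal("ran out of memory");" can never fire, because alloca() has no failure return. When the stack cannot hold the request, the behaviour is undefined rather than a NULL result. Since the size is strlen(name)+50 and name comes from the caller, a very long name now exhausts the stack instead of overrunning the old 256-byte array. I would use malloc(strlen(name)+50) with the NULL check directly after the call and a free() on every exit path, or keep a fixed buffer and bound every write into it. The constant 50 also needs a comment: the hunk does not show what is formatted into buf, so there is no way to check from here that 50 bytes cover the text added around name.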
--
Sincerely yours
/&rew
***
Andrew V. Kosyakov, Chance Publishing House, System Administrator
caseq@chance.ru, 2:5030/31@Fidonet.Org, +7(812)210-8046
PGP key fingerprint: BA A8 48 20 E4 AE 9C 52 C5 5F C3 B8 1E 67 2C BF