[2929] in bugtraq
Re: identd hole?
daemon@ATHENA.MIT.EDU (Bugtraq Archiver)
Tue Jul 16 01:57:11 1996
Date: Tue, 16 Jul 1996 03:38:50 GMT
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Bugtraq Archiver <bugtraq@lefty.novasys.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
> Aleph-1 mentioned that it might be a sendmail overrun bug if the connections
> were to HIS ident port but they were not. All the same this bug is also news
> to me (I'm fairly new to bugtraq) and I can only assume that this also has
> been used in the past(?). My current sendmail on *all* of my machines is
> 8.7.5 but I'm willing to bet that there are already hacks to that one as
> well.
It's possible that it's an atoi() (or more properly strtol()) bug. Most
people run identd as root; this means that if someone happens to overflow
a buffer (which is easily done with atoi()) then you can write on the
stack and execute things as root (there may have been so many connections
because his exploit was guessing the proper stack offset). I am not certain
this is what was done either; it's just a guess with the information provided.
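The kind of bug guessed at in the reply above, as an added illustration that is not part of the original post and is not the code of any real identd: a hypothetical RFC 1413 request parser ("<server-port> , <client-port>" followed by CRLF) written in the unsafe style, next to a hardened version. In the unsafe version the overflow is in the unchecked copy of the request line into a fixed-size stack buffer, and atoi() adds to the problem by reporting no error and doing no range check; the hardened version bounds the input, uses strtol() with errno and port-range checks, and rejects trailing junk. Function names and the 32- and 64-byte buffer sizes are assumptions made for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical unsafe ident request parser (illustration only, not real
 * identd code).  Two problems: strcpy() copies an attacker-controlled line
 * into a 32-byte stack buffer with no length check, so a long request
 * overwrites the saved return address; and atoi() accepts "abc" (returns 0)
 * or an oversized number without any error, so garbage is silently used. */
static int parse_ident_unsafe(const char *line, int *sport, int *cport)
{
    char buf[32];
    char *comma;

    strcpy(buf, line);                 /* overflow if line is > 31 bytes */
    comma = strchr(buf, ',');
    if (comma == NULL)
        return -1;
    *comma = '\0';
    *sport = atoi(buf);                /* "abc" -> 0, no error reported */
    *cport = atoi(comma + 1);
    return 0;
}

/* Hardened helper: parse one decimal TCP port with strtol(), requiring at
 * least one digit, no ERANGE, and a value in 1..65535.  *end is left at the
 * first non-blank character after the number. */
static int parse_port(const char *s, const char **end, long *out)
{
    char *e;
    long v;

    while (*s == ' ' || *s == '\t')
        s++;
    if (!isdigit((unsigned char)*s))   /* rejects "", "+5", "-1", "abc" */
        return -1;
    errno = 0;
    v = strtol(s, &e, 10);
    if (errno == ERANGE || v < 1 || v > 65535)
        return -1;
    while (*e == ' ' || *e == '\t')
        e++;
    *end = e;
    *out = v;
    return 0;
}

/* Hardened parser: the caller passes the length it actually read, the line
 * is rejected before any copy if it cannot fit, and both ports must be
 * followed by nothing but an optional CRLF. */
static int parse_ident_safe(const char *line, size_t len, int *sport, int *cport)
{
    char buf[64];                      /* assumed bound; any valid request is far shorter */
    const char *p;
    long a, b;

    if (len >= sizeof buf)
        return -1;
    memcpy(buf, line, len);
    buf[len] = '\0';

    if (parse_port(buf, &p, &a) != 0 || *p != ',')
        return -1;
    if (parse_port(p + 1, &p, &b) != 0)
        return -1;
    if (*p == '\r')
        p++;
    if (*p == '\n')
        p++;
    if (*p != '\0')                    /* trailing junk after the ports */
        return -1;

    *sport = (int)a;
    *cport = (int)b;
    return 0;
}

int main(void)
{
    /* Constructed sample requests; the last one is the kind of line that
     * would smash the 32-byte buffer in parse_ident_unsafe(). */
    const char *samples[] = { "6191, 23\r\n", "abc, 23\r\n", "99999999999, 23\r\n",
        "1, 2 junk\r\n",
        "111111111111111111111111111111111111111111111111111111111111111111111, 1\r\n" };
    size_t i;
    int s, c;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = parse_ident_safe(samples[i], strlen(samples[i]), &s, &c);
        printf("safe: rc=%d sport=%d cport=%d\n", rc, rc == 0 ? s : -1, rc == 0 ? c : -1);
    }
    return 0;
}
```

Only the hardened parser is ever handed a long line in the demonstration; feeding the unsafe one such input is exactly the undefined behaviour an exploit relies on, and the many connections mentioned above would be one way of trying return addresses until one lands. The parser fix is independent of the privilege question: an identd that does not run as root limits what any remaining bug can do.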