[2941] in bugtraq
Re: identd hole?
daemon@ATHENA.MIT.EDU (Dave G.)
Tue Jul 16 15:54:21 1996
Date: Tue, 16 Jul 1996 10:15:49 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: "Dave G." <daveg@escape.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
As far as I know, there is no buffer overflow in atoi() under linux.
This rumor was started when there was a problem in some IRC clients. At
the time I took a look at atoi() and strtol(). Not only were there no
buffer overflows, there were no buffers at all :).
I haven't seen any evidence that he was actually hacked via ident.
Actually his description hasnt even explicitly stated that the intruder
got in.
Brett: You said you caught hime with a login process. Did the ps say
'login blah etc...' or 'bash' or 'sh' or 'tcsh'. Since you havent had a
chance to check it, you dont know whether he just managed to launch
denial of service attacks on it.
