bsd in.talkd+antiflash remote-remote hole

Julian Assange (proff@suburbia.apana.org.au)
Sat, 11 Mar 1995 02:00:47 +1100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mikael Simovits: "bsd in.talkd+antiflash remote-remote hole"
Previous message: Emily K. Hawthorn: "bugtraq archive - found!"
Next in thread: Leo Bicknell: "Re: bsd in.talkd+antiflash remote-remote hole"

line ~160 process.c

          if (hp != (struct hostent *)0) {
             char sys_buf[150];
             int child;
             caller_host=hp->h_name;
/*
             SECURITY BUG - Proff
             sprintf(sys_buf,"/etc/flash.mail %s",caller_host);
             system(sys_buf);
*/
          }
          else
            caller_host="unknown";

Modify your DNS hostfield to :

	;any_command_you_want

Set a talk flash to the site running the in.talkd d, and guess what happens?

Cheers,
	Julian Assange -Proff-

Next message: Mikael Simovits: "bsd in.talkd+antiflash remote-remote hole"
Previous message: Emily K. Hawthorn: "bugtraq archive - found!"
Next in thread: Leo Bicknell: "Re: bsd in.talkd+antiflash remote-remote hole"