Re: SUMMARY: AntiFlash talkd

Gary Anderson (ganderson@clark.net)
Mon, 24 Apr 1995 19:33:08 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Julian Assange: "The Dan Farmer rap - authors note"
Previous message: Paul Robinson: "Good Times"
In reply to: Richard Allen: "SUMMARY: AntiFlash talkd"
Next in thread: Marek Michalkiewicz: "Re: SUMMARY: AntiFlash talkd"

On Mon, 24 Apr 1995, Richard Allen wrote:

> Date: Mon, 24 Apr 1995 11:03:11 +0000 (GMT)
> From: Richard Allen <ra@rhi.hi.is>
> To: bugtraq@fc.net
> Subject: SUMMARY: AntiFlash talkd
> 
> 
> I have recived quite alot of mail regarding my request for a talk daemon
> that can remove those annoying flashes. Apparently this is a hot issue,
> many people sent me Email saying that they where interested in this matter.
> 
> 
> Here are the most interesting replys I have recived so far.
> 

[ SNIP ]

> 
> Shortly after I sent my request to bugtraq, I got an idea to look around
> on my local Linux mirror and found "talkd+antiflash+hatemail.tar.gz"
> which basicly filters out flashes and then sends automatic 'hatemail' to
> root@remote.site
> 
> However, I ran into problems compiling it on our HP9000's, Linux
> apparently has a '<protocols/talkd.h>' in it's system includes.
> 


Richard,
You might want to look at the following, regarding 
"talkd+antiflash+hatemail.tar.gz".  It appeared on this list not too long 
ago:


>From elias@power.netMon Apr 24 19:24:43 1995
>Date: Mon, 13 Mar 1995 01:08:30 -0800 (PST)
>From: Elias Levy <elias@power.net>
>Reply to: linux-security@tarsier.cv.nrao.edu
>To: linux-security@tarsier.cv.nrao.edu
>Subject: in.talkd+antiflash
>
>This message appeared in bugtraq and it applies to linux
>in.talkd with the antiflash patches found in sunsite.
>(What what that Olaf said? ALERT? :) )
>
>---------- Forwarded message ----------
>Date: Sat, 11 Mar 1995 02:00:47 +1100
>From: Julian Assange <proff@suburbia.apana.org.au>
>To: bugtraq@fc.net
>Subject: bsd in.talkd+antiflash remote-remote hole
>
>
>
>line ~160 process.c
>
>          if (hp != (struct hostent *)0) {
>             char sys_buf[150];
>             int child;
>             caller_host=hp->h_name;
>/*
>             SECURITY BUG - Proff
>             sprintf(sys_buf,"/etc/flash.mail %s",caller_host);
>             system(sys_buf);
>*/
>          }
>          else
>            caller_host="unknown";
>
>Modify your DNS hostfield to :
>
>	;any_command_you_want
>
>Set a talk flash to the site running the in.talkd d, and guess what 
>happens?

>Cheers,
>	Julian Assange -Proff-



__
********************************************************************************
    _/_/_/_/_/   _/_/_/_/_/   _/_/_/_/_/   _/   _/	|  Gary Anderson
   _/           _/      _/   _/      _/    _/  _/	|  ganderson@clark.net
  _/  _/_/_/   _/_/_/_/_/   _/_/_/_/_/      _/_/	|  --------------------
 _/      _/   _/      _/   _/       _/       _/		|  finger me for my
_/_/_/_/_/   _/      _/   _/         _/     _/		|  pgp public key
********************************************************************************
Gerrold's Laws of Infernal Dynamics:
	(1) An object in motion will always be headed in the wrong
	    direction.
	(2) An object at rest will always be in the wrong place.
	(3) The energy required to change either one of these states
	    will always be more than you wish to expend, but never so
	    much as to make the task totally impossible.

Next message: Julian Assange: "The Dan Farmer rap - authors note"
Previous message: Paul Robinson: "Good Times"
In reply to: Richard Allen: "SUMMARY: AntiFlash talkd"
Next in thread: Marek Michalkiewicz: "Re: SUMMARY: AntiFlash talkd"