Some time ago Bugtraq Archiver declared:
>
> > Aleph-1 mentioned that it might be a sendmail overrun bug if the connections
> > were to HIS ident port but they were not. All the same this bug is also news
> > to me (I'm fairly new to bugtraq) and I can only assume that this also has
> > been used in the past(?). My current sendmail on *all* of my machines is
> > 8.7.5 but I'm willing to bet that there are already hacks to that one as
> > well.
>
> It's possible that it's an atoi() (or more properly strtol()) bug. Most
> people run identd as root, this means that if someone happens to overflow
> a buffer (which is easily done with atoi()) then you can write on the
> stack and execute things as root (there may have been so many connections
> because his exploit was guessing the proper stack offset). I am not certain
> this is what was done either, it's just a guess with the information provided.
>
Hmm, how can I find out what version of auth/identd/pidentd I am running?
I'd like to be able to peek into the source of the particular version that's
running on several Slackware 3.0 machines (all of the vulnerabilities that
I am aware of are fixed on those, but this one is new for me).
'strings' doesn't give any clue, ... I have the source here for pident-2.5.1
and 2.6.1, but I'm totally clueless to which version Slackware uses.
$) Henri
--
I've got nothing to do,... 'cept hang around and get screwed up on you...
--- Therapy?, "Screamager", SHORTSHARPSHOCK EP (1993)
Received on Jul 16 1996
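The quoted reply guesses that the problem lies in how the daemon turns the request into numbers. The thread does not establish what the actual bug was, but the input an ident server has to handle is a tiny fixed grammar (RFC 1413: two decimal TCP ports separated by a comma, terminated by CRLF), so it is worth seeing what parsing that defensively looks like: a hard line-length limit, strtol() with errno and end-pointer checks instead of atoi(), a port-range check, rejection of trailing junk, and a reply built with snprintf() into a caller-sized buffer. The following is an added example written for this page; it is not code from pidentd, from any Slackware package, or from the poster, and the 64-byte line limit and the "UNIX"/"henri" reply values are assumptions chosen for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption for this example, not a value from any real identd: a valid
 * request is at most "65535 , 65535\r\n", so anything much longer is junk
 * and is refused before it is copied or parsed anywhere. */
#define IDENT_MAX_LINE 64

static const char *skip_ws(const char *p)
{
    while (*p == ' ' || *p == '\t')
        p++;
    return p;
}

/* Parse one decimal TCP port with strtol() and full error checking: rejects
 * empty input, signs, values that overflow a long (ERANGE) and anything
 * outside 1..65535. Returns 1 on success, 0 on malformed input. */
static int parse_port(const char *s, char **end, int *port)
{
    long v;

    if (!isdigit((unsigned char)*s))
        return 0;
    errno = 0;
    v = strtol(s, end, 10);
    if (errno == ERANGE || *end == s)
        return 0;
    if (v < 1 || v > 65535)
        return 0;
    *port = (int)v;
    return 1;
}

/* Parse "<server-port> , <client-port>[CR]LF" (RFC 1413). Returns 0 and
 * fills in both ports on success, -1 on any deviation from the grammar. */
int parse_ident_request(const char *line, int *server_port, int *client_port)
{
    const char *p;
    char *end;

    if (line == NULL || strlen(line) > IDENT_MAX_LINE)
        return -1;
    p = skip_ws(line);
    if (!parse_port(p, &end, server_port))
        return -1;
    p = skip_ws(end);
    if (*p != ',')
        return -1;
    p = skip_ws(p + 1);
    if (!parse_port(p, &end, client_port))
        return -1;
    p = skip_ws(end);
    if (*p == '\r')
        p++;
    if (*p == '\n')
        p++;
    return *p == '\0' ? 0 : -1;  /* trailing garbage is an error, not ignored */
}

/* Build the USERID reply with snprintf() into a caller-sized buffer.
 * Returns the reply length, or -1 if it would not fit, in which case the
 * caller answers with an ERROR reply instead of truncating or overrunning. */
int format_ident_reply(char *out, size_t outlen, int sport, int cport,
                       const char *os, const char *user)
{
    int n = snprintf(out, outlen, "%d , %d : USERID : %s : %s\r\n",
                     sport, cport, os, user);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

int main(void)
{
    /* Constructed sample requests, including the shapes a probe would try:
     * an out-of-range port, a sign, a number that overflows long, and a
     * line with trailing junk. Only the first two should produce a reply. */
    const char *samples[] = {
        "6191, 23\r\n", "6191 , 23", "0, 23\r\n", "-5, 23\r\n",
        "99999999999999999999999999, 23\r\n", "6191, 23 extra\r\n",
    };
    char reply[128];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int s, c;
        if (parse_ident_request(samples[i], &s, &c) == 0 &&
            format_ident_reply(reply, sizeof reply, s, c, "UNIX", "henri") > 0)
            printf("sample %zu: ports %d,%d -> %s", i, s, c, reply);
        else
            printf("sample %zu: rejected\n", i);
    }
    return 0;
}
```

The two checks that matter most are the ones a naive atoi()/sscanf() loop skips: the length test before anything is touched, and the ERANGE/end-pointer test after strtol(), without which a 30-digit "port" silently becomes LONG_MAX or a garbage value.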