Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: more named warez
From: jdrake () ALPHA PULSAR NET (Joshua J. Drake)
Date: Wed, 10 Jun 1998 17:49:28 -0400


Oops...

For all of you that had trouble compiling the source.. I have a patch.

I agree that what I said can be thought of as security through obscurity..
However.. I never claimed that it would secure anything.  Let me try to
explain...

A cracker is trying to exploit your vulnerable version of named.  In
order to do this successfully, the attacker must know what version
you are running.  Not only that, but they must also know what OS you
run, and how you ran named (at boot/from login shell).  If the cracker
can't get all that information, then they are most likely going to crash
named.  If the administrator of the machine that is being attacked looks
into why named crashed, they will find a core file.

To most admins, this seems harmless enough.. we complain about poorly
written software and restart named.  In order for the attacker to guess
the required information by trying the exploit, this process would have to
be repeated several times by both parties.  By the second or third time,
most admins would assume named is broken and try to upgrade it.  At that
point, the hole gets plugged.

On the other hand, if the attacker can get the required information, then
a breach will be successful on the first try.  This is also the case with
other daemons that don't fork() for client interaction.

Security through obscurity doesn't work, nor will it ever.  Think about it
though, every little bit helps.  Why help any malicious people gain
unauthorized administrator level access to your machines?

Joshua James Drake
jdrake () pulsar net
http://www.pulsar.net/~jdrake/

|--- patch begins here, filename: bi-patch ---

*** binfo-udp.c.old     Wed Jun 10 17:10:24 1998
--- binfo-udp.c Wed Jun 10 17:21:20 1998
***************
*** 21,27 ****
  #include <time.h>
  #include <string.h>
  #include <ctype.h>
! #include <sys/errno.h>
  /* network type includes */
  #include <sys/types.h>
  #include <sys/socket.h>
--- 21,27 ----
  #include <time.h>
  #include <string.h>
  #include <ctype.h>
! #include <errno.h>
  /* network type includes */
  #include <sys/types.h>
  #include <sys/socket.h>
***************
*** 89,95 ****
          memcpy(&ra->sin_addr.s_addr, he->h_addr, 4);
          return 1;
       }
!    herror("Unable to resolve hostname");
     return 0;
  }

--- 89,95 ----
          memcpy(&ra->sin_addr.s_addr, he->h_addr, 4);
          return 1;
       }
!    fprintf(stderr, "Unable to resolve hostname: %s\n", hn);
     return 0;
  }

***************
*** 161,167 ****
--- 161,169 ----
  #ifdef DEBUG
     printf("write() success\n");
  #endif
+ #ifndef __sun__
     siginterrupt(SIGALRM, 1);
+ #endif
     signal(SIGALRM, handle_alarm);
     alarm(3);
     pktlen = read(sd, pkt, pktl);

|--- end of patch ---



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault