Bugtraq mailing list archives

bsd in.talkd+antiflash remote-remote hole

From: proff () suburbia apana org au (Julian Assange)
Date: Sat, 11 Mar 1995 02:00:47 +1100


line ~160 process.c

          if (hp != (struct hostent *)0) {
             char sys_buf[150];
             int child;
             caller_host=hp->h_name;
/*
             SECURITY BUG - Proff
             sprintf(sys_buf,"/etc/flash.mail %s",caller_host);
             system(sys_buf);
*/
          }
          else
            caller_host="unknown";

Modify your DNS hostfield to :

        ;any_command_you_want

Set a talk flash to the site running the in.talkd d, and guess what happens?

Cheers,
        Julian Assange -Proff-

Current thread:

bsd in.talkd+antiflash remote-remote hole Julian Assange (Mar 10)
- Re: bsd in.talkd+antiflash remote-remote hole Leo Bicknell (Mar 10)
- <Possible follow-ups>
- bsd in.talkd+antiflash remote-remote hole Mikael Simovits (Mar 10)
- Re: bsd in.talkd+antiflash remote-remote hole Julian Assange (Mar 11)