Re: FW: internet insecurity - repeated human errors

Jas (matt@nospam.uts.edu.au)
Wed, 15 Feb 1995 14:22:14 +1100 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Stephen Boyd Gowing: "CIAC Advisory F-11: Unix NCSA httpd Vulnerability (fwd)"
Previous message: Ryan Shelswell: "FW: internet insecurity - repeated human errors"
In reply to: Ryan Shelswell: "FW: internet insecurity - repeated human errors"

Ryan Shelswell wrote this...
>
> Has anyone heard about this?
>
> Ryan
yep.. it uses exactly the same technique as used to break fingerd that
was used in the RSM worm (coast.cs.purdue has docs on this, including
source code). there is a publicly available program that will exploit
this hole, but it currently only runs on HP-PA machines running HP-UX
9.x. it has been suggested that you could do a brute force attack on
almost any architectures (given a few pre-computed guesses). there is
a patch coming due forth for it from NCSA and the fix involves
basically changing the size of one local array decleration. if you
really want more info mail me.

Matt

-- 
Matthew Keenan   Systems Programmer   Information Technology Division
      University of Technology     Sydney Australia
email: matt@nospam.uts.edu.au   www: http://milliways.itd.uts.edu.au/~matt/
ph: +61 2 330 1390   fax: +61 2 330 1999   home: +61 2 416 5722
GCV 2.1 GAT/M/CS d--(-+) H-- s++:-- g+ p? !au a-(?) w+++ v+ C+++$
UVS++++$ P+>+++ L- 3+++ E-(++) N++ K W--- M+ V-- -po+(+) Y+ t+
!5>++ jx R+ G? !tv b+++ D++ B e+ u--(**) h- f+(*) r n- !y
It's nice to be in a position where people apologize because they
assume there's humor in your work, based on past experience,
but they're not sure where it is. -- Rob Pike

Next message: Stephen Boyd Gowing: "CIAC Advisory F-11: Unix NCSA httpd Vulnerability (fwd)"
Previous message: Ryan Shelswell: "FW: internet insecurity - repeated human errors"
In reply to: Ryan Shelswell: "FW: internet insecurity - repeated human errors"