Bugtraq mailing list archives

Re: identd hole?


From: H.Karrenbeld () ct utwente nl (Henri Karrenbeld)
Date: Tue, 16 Jul 1996 15:15:38 +0200


Some time ago Bugtraq Archiver declared:

Aleph-1 mentioned that it might be a sendmail overrun bug if the connections
were to HIS ident port, but they were not. All the same, this bug is also news
to me (I'm fairly new to bugtraq) and I can only assume that this also has
been used in the past(?). My current sendmail on *all* of my machines is
8.7.5, but I'm willing to bet that there are already hacks to that one as
well.

It's possible that it's an atoi() (or more properly strtol()) bug. Most
people run identd as root; this means that if someone happens to overflow
a buffer (which is easily done with atoi()) then you can write on the
stack and execute things as root (there may have been so many connections
because his exploit was guessing the proper stack offset). I am not certain
this is what was done either; it's just a guess with the information provided.


Hmm, how can I find out what version of auth/identd/pidentd I am running?
I'd like to be able to peek into the source of the particular version that's
running on several Slackware 3.0 machines (all of the vulnerabilities that
I am aware of are fixed on those, but this one is new for me).

'strings' doesn't give any clue... I have the source here for pident-2.5.1
and 2.6.1, but I'm totally clueless as to which version Slackware uses.

$) Henri
--
I've got nothing to do,...  'cept hang around and get screwed up on you...
--- Therapy?, "Screamager", SHORTSHARPSHOCK EP (1993)
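The failure mode speculated on in the thread, a request line fed through atoi() into a fixed buffer in a root-owned daemon, is the kind of thing a bounded parser rules out. The following is an added example, not code from the thread or from any pidentd release; it assumes the RFC 1413 request format "<port-on-server> , <port-on-client>" and a hypothetical length limit.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical upper bound on a legal request line; longer input is
 * rejected outright rather than copied into a fixed-size buffer. */
#define IDENT_MAX_REQ 64

/* Parse one decimal field with strtol(), rejecting overflow (ERANGE),
 * missing digits and values outside the TCP port range.
 * Advances *cur past the digits on success. */
static int parse_port(const char **cur, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(*cur, &end, 10);
    if (end == *cur || errno == ERANGE)  /* no digits, or overflowed long */
        return -1;
    if (v < 1 || v > 65535)              /* not a valid TCP port */
        return -1;
    *cur = end;
    *out = (int)v;
    return 0;
}

/* Parse an ident request line. Returns 0 and fills lport/fport on
 * success, -1 on any malformed input. Nothing is ever copied into a
 * fixed buffer, so an over-long or non-numeric line cannot overrun it. */
int parse_ident_request(const char *line, int *lport, int *fport)
{
    const char *cur = line;

    if (line == NULL || strlen(line) > IDENT_MAX_REQ)
        return -1;
    while (*cur == ' ' || *cur == '\t') cur++;
    if (parse_port(&cur, lport) != 0)
        return -1;
    while (*cur == ' ' || *cur == '\t') cur++;
    if (*cur++ != ',')                   /* fields must be comma separated */
        return -1;
    while (*cur == ' ' || *cur == '\t') cur++;
    if (parse_port(&cur, fport) != 0)
        return -1;
    while (*cur == ' ' || *cur == '\t') cur++;
    if (*cur != '\0' && *cur != '\r' && *cur != '\n')  /* trailing junk */
        return -1;
    return 0;
}
```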
