Bugtraq mailing list archives
Re: Internet Auditing Project
From: luyer () UCS UWA EDU AU (David Luyer)
Date: Mon, 16 Aug 1999 09:51:58 +0800
The tool mentioned in this has a couple of show-stopper bugs, at least for my system. The options default to -c on, the getopt doesn't accept c and the option parsing just turns it on anyway. Also, the use of longjmp out of an alarm handler breaks things. It should be siglongjump and sigsetjmp. The second alarm signal never happens and the program hangs indefinitely. (this is Linux 2.0.37, glibc 2.1) For those who want to get it working quickly, here's a patch (gzipped, uuencodes, if you don't know how to decode/apply then you shouldn't be using the scanner anyway). begin 644 bass-1.0.7.patch.gz M'XL(""1MMS<"`V)A<W,M,2XP+C<N<&%T8V@`G5=M4^,V$/Y,?L4>G;FSL1,2 M<KF0!%KH-5R9`4()G6G[)>/8<JS#L5Q)=@Z8^^]=28[S0L(UW,S9BJ1=[S[/ M:A\1T#"$:L9O8.P)46W4ZK7VX:_GPV'-7YJIA?0;"8KY2K5:?;E[[YHE<)Y- M`#I0;W8_-KNM!C0ZG4[%<9QMKDJCQB>H=[I']6[SV!B=G4&U4>^X;7#,Z^RL M`OK?F``G7@`A9U/PP&=)2"<9]R1%7R&-B0T'AQ50NP\/(/6X("X$U"?@)0&( M6(_X))N21$+NQ1D1QI?/IE.U):8)42ZJ`+,(_5D62[M6(_X))N21$+NQ1D1QI?/IE.U):8)42ZJ`+,(_5D62[7S4Y@0B6,+S7U7.<E= MV(^[LONUF^;1OFW#NU/H#R[LBK.+K;]NK?,4,RK]J+`OY@">YP/?$P0^Q!^@ M:[!J-C56^J6PVALC2@\]`\3"P%<&U3WC5=1\-O-X,)JR@&"(@YM>Q=FR)B17 M'OQIJD+"^#%\ENS;\`L,+M'OQIJD+"^#%\ENS;\`L,+BZ@JXVW?3577PTVE=J8)L&F4C/SZZ5F9G<LM34C M4VK-3K>Q5&JM(X6>?II"XT1F/$%<32X>M4VK-3K>Q5&JM(X6>?II"XT1F/$%<32X>GUJ23@G+I-W#RJ"A!>\$D5\1#OP_ MSD(;;"3'*5;H9&71;9AEY3A',%5((^G%#]8](DGDQ6\NT'\SPA]=$/2)L-`R M/VT7+O_XLW_WMPWOWY>@;K3/5^WSN;TQ[RE;E44=AQN92(B<,?ZPB8QR:9V/ M<F%'2E[:%:P<=UN=!2O-MF)%/S4K%$\L726$S^E88\,&P\4F*G!-0QDR;E%D MH]X#"B<:.*A"`W\YCF9+!]$^5D'H9QE$@C!C^_B_H3R_%LOS(ACET\2C1B<^ MR_`;>@S.*22V*0!589;J*#-.);$$\Q_"P`7T!X[>[(*VQ%S4+U5Y)^@47TM% M;?IKV_37.<!%,M?G?XWZGW\?W/5OKW3EO#$M#!7;Q6CF43GB)(T?+2\(^&HI M+H[:/*@CC;=Y+06U.'UO#T>?/12,A/BRQ$T0GH]48-B5\1F39%N$/"]"[)A> MVYGWVN\J2A0;+T8CI,5+4\)!1IZ$E!-D=BJPNB:)%P/#%2U5`C\GU"0,+[^< M7]U=@V1*<B",/1&-/?_!Q1FE=ID@`:`81MKD_&#C'`(MA:IB53;JC1V< M)8%`/9G7]U']D]OX"$[Q+G3VN\FJBED5V>,W9$M)8%`/9G7]U']D]OX"$[Q+G3VN\FJBED5V>,W9$0@9<H-"X%\(WZFM4TG.O,P M1R_'"#)!DTD1JXL`4,8KSMO]S%.9NU+1%3X,M1R_'"#)!DTD1JXL`4,8KSMO]S%.9NU+1%3X,WK@LU4Z&34VEFS,:+,#162/, MC!.3])P)J\#=502,+K_<:*ZU2\,[LA&S9+)42-#`>4<YV+MC!.3])P)J\#=502,+K_<:*ZU2\,[LA&S9+)42-#`>4<YV+1@RN#UYAIM[X71 MMN8:O;&Y1B\EK]5:NEV9RU6G/&8_T<2/,Q3[$P-X+?MMN8:O;&Y1B\EK]5:NEV9RU6G/&8_T<2/,Q3[$P-X+?I9@8"CD>HM)E7,']-? MGS/E+UE")Y%$_E+B4R\6M5K-W,4V8L)3?Y/8Z.EU+/3DCCBLVBQD_VB!0:>E M,-!/7?>?KR[[-_=PX,=TA_;^NM*8UF,\JO83)U+ZZ<C'BQ)V;VXZ3\H97JAR MPK$MJ,:4:H$)Q).+Q\;/Q9/=`_BAA,_P&*#33:B62^O(MPK$MJ,:4:H$)Q).+Q\;/Q9/=`_BAA,_P&*#33:B62^O(E@L[HOO2KD2XWEZ2 M<-W-FZ5Z*ID;/TJ\<VN=T\,3)3AW_>'MX&;8'PTO_^D7"\YILD!PE8=M1+S* M1'%[QBU:/]6?$:4,<")2[,H$-51_VX474:&@ZB7;"*JYDS\#X3QAZ*Y_>S>X 6'6'_1@PK`]A1Z->]@1_@/D5#R88`T````` ` end David.
Current thread:
- Internet Auditing Project Elias Levy (Aug 13)
- Re: Internet Auditing Project Jerry Carlin (Aug 13)
- Re: Internet Auditing Project CyberPsychotic (Aug 16)
- Re: Internet Auditing Project Viljo Hakala (Aug 17)
- Stupid bug in W3-msql gregory duchemin (Aug 17)
- Re: Stupid bug in W3-msql David J. Hughes (Aug 19)
- Httpd Logging Methods v0rt (Aug 23)
- <Possible follow-ups>
- Re: Internet Auditing Project David Luyer (Aug 15)
- Re: Internet Auditing Project Peter J. Holzer (Aug 17)
- [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Bill Nottingham (Aug 17)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Michal Zalewski (Jul 03)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Michal Zalewski (Jul 03)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Tymm Twillman (Aug 19)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Michal Zalewski (Jul 03)
- [RHSA-1999:029-01] Denial of service attack in in.telnetd Bill Nottingham (Aug 19)
- Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Olaf Kirch (Aug 19)
- Insecure use of file in /tmp by trn Martin Schulze (Aug 19)
- Winamp SHOUTcast server: Gain Administrator Password Michael (Aug 20)
- Re: Internet Auditing Project Jerry Carlin (Aug 13)