Bugtraq mailing list archives

Multiple Vendor "talkd" user validation fault.


From: Tekno pHReak <tek () superw00t com>
Date: 3 Apr 2002 16:43:46 -0000




***** This writing is part of Malloc() Hackers & Malloc() Security *****

        http://www.mallochackers.com

        http://www.superw00t.com
************************************************************************

Title: Multiple Vendor "talkd" user validation fault.
~~~~~

Author: Teknophreak of Malloc()
~~~~~~

Contact: "Teknophreak" - (tek () superw00t com)
~~~~~~~

No modification of the contents of this file should be made
without direct consent of the author or of Malloc() hackers or
Malloc() Security.
************************************************************************


"talk" is a program available on multiple *nix OSes which allows
users to communicate within a system and/or remotely.


There exists a flaw within "talkd" which allows anyone to masquerade
as anyone else, either remotely or within the confines of the system.
This is due to the lack of user validation by "talkd" for incoming
"talk" requests. This may be a catalyst for social engineering, which
can lead to the revealing of private or sensitive information from
other users.


Identification of User Masquerading
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If someone is initiating a talk request with "talksp00f" from the
user "root", for example, you should check to see if the root user
is actually logged in. If he is not, you can monitor the system
processes and figure out who is initiating the bogus talk request.

Also, if the user that is supposedly initiating the talk request
to you *is* logged in, check that user's processes to see if he is
actually initiating the talk request to you.


Exploitation
~~~~~~~~~~~~

"Talksp00f" written by: Teknophreak of Malloc()
Download: http://www.superw00t.com/projects/talkspoof.tar.gz
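
The two checks from "Identification of User Masquerading" above, as an added shell example that is not part of the original advisory: it tests whether the claimed sender is logged in and whether that user owns a talk client aimed at the recipient. It covers requests that claim a local sender only; the user names, PIDs and the `./a.out` process are constructed sample data, and the "others naming the recipient" listing is a heuristic assumed here, not something the advisory specifies.

```shell
#!/bin/sh
# Added example. Live inputs: `who` and `ps -e -o user= -o pid= -o args=`.
# The sample data below is constructed for illustration.
SAMPLE_WHO='alice    pts/0  Apr  3 16:01
mallory  pts/3  Apr  3 16:30'
SAMPLE_PS='alice 812 -bash
mallory 877 -bash
mallory 901 ./a.out alice'

# logged_in USER WHO_TEXT: succeeds if USER has a login session.
logged_in() {
    printf '%s\n' "$2" | awk -v u="$1" '$1 == u { ok = 1 } END { exit !ok }'
}

# owns_talk USER CALLEE PS_TEXT: succeeds if USER runs talk, ntalk or ytalk
# with CALLEE (or CALLEE@host) as an argument.
owns_talk() {
    printf '%s\n' "$3" | awk -v u="$1" -v c="$2" '
        $1 == u {
            n = split($3, p, "/"); cmd = p[n]
            if (cmd != "talk" && cmd != "ntalk" && cmd != "ytalk") next
            for (i = 4; i <= NF; i++) { split($i, a, "@"); if (a[1] == c) ok = 1 }
        }
        END { exit !ok }'
}

# others_naming CALLEE CLAIMED PS_TEXT: heuristic (an assumption of this
# example): print "user pid" for processes owned by neither CLAIMED nor
# CALLEE whose arguments name CALLEE. These are leads, not proof.
others_naming() {
    printf '%s\n' "$3" | awk -v c="$1" -v u="$2" '
        $1 != u && $1 != c {
            for (i = 4; i <= NF; i++) {
                split($i, a, "@")
                if (a[1] == c) { print $1, $2; break }
            }
        }'
}

# triage CLAIMED CALLEE WHO_TEXT PS_TEXT: prints one verdict word.
triage() {
    if ! logged_in "$1" "$3"; then echo not-logged-in
    elif ! owns_talk "$1" "$2" "$4"; then echo no-talk-process
    else echo consistent
    fi
}

triage root alice "$SAMPLE_WHO" "$SAMPLE_PS"    # request claims to be from root
others_naming alice root "$SAMPLE_PS"
```

A verdict of `consistent` only means the process table matches the claim at the moment it was sampled.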

