Fwd: Re: [incidents] Exploit for TCP Wrappers 7.9

To: debian-security@lists.debian.org
Subject: Fwd: Re: [incidents] Exploit for TCP Wrappers 7.9
From: "Hulio Menendez IV" <huliomenendeziv@mymelody.com>
Date: Wed, 07 Apr 2004 12:55:17 +0800
Message-id: <[🔎] 20040407045518.1EF2A1B92C@ws1.hk3.outblaze.com>

Hello Debain Security,
My name is Hulio Ramirez Chi Menendez IV. You are running Debian 3.0r2.
My Debian use the tcp wrapp for security which is written by porcupine.org. My Debian is exploit by cracker use a bug in the tcp wrapp package version 7.6 in Debian distribute tcpd-7.6-9. The tcp wrapp package has bug in source which exploited by internet cracker everytime. This is bug exploited on the irc servers also the chat servers.

...
	} else if (STR_NE(host->name, hp->h_name)
		   && STR_NE(host->name, "localhost")) {
		   
	STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), strlen(inet_ntoa(sin->sin_addr)));
                                                          ^^^^^ BUGBUG!!!!
...
                                                       
Please is Debain packages being update to newest wrappers? What is this security software not written in  safe strings library like DJB Qmail or daemontools?? This is cause of most of security problem in the C.

My english is not so good sorry.

Hulio Menendez IV
--
Sometimes you hurt me



-- 
_______________________________________________
Get your own MyMelody email @ www.sanriotown.com

Powered by Outblaze

Reply to:

Follow-Ups:
- Re: Fwd: Re: [incidents] Exploit for TCP Wrappers 7.9
  - From: Cédric Devillers <cedric@laria.u-picardie.fr>

Prev by Date: Re: Lars Dehning/415/DCAG/DCX ist außer Haus.
Next by Date: Re: Fwd: Re: [incidents] Exploit for TCP Wrappers 7.9
Previous by thread: Re: Positive press for Debian's security team
Next by thread: Re: Fwd: Re: [incidents] Exploit for TCP Wrappers 7.9
Index(es):
- Date
- Thread