
Re: Fwd: Re: [incidents] Exploit for TCP Wrappers 7.9



Hello,

Hulio Menendez IV wrote:

Hello Debian Security,
My name is Hulio Ramirez Chi Menendez IV. You are running Debian 3.0r2.
My Debian uses the tcp wrapp for security, which is written by porcupine.org. My Debian is exploited by a cracker using a bug in the tcp wrapp package version 7.6 in the Debian-distributed tcpd-7.6-9. The tcp wrapp package has a bug in its source which is exploited by internet crackers every time. This bug is exploited on the irc servers and also the chat servers.
...
	} else if (STR_NE(host->name, hp->h_name)
		   && STR_NE(host->name, "localhost")) {
STRN_CPY(host->addr, inet_ntoa(sin->sin_addr), strlen(inet_ntoa(sin->sin_addr)));
                                                         ^^^^^ BUGBUG!!!!
...

I have searched for these lines in tcp-wrapper's source but I did not find them.
Could you give the list the name of the file and the number of the line, please?

Please, are the Debian packages being updated to the newest wrappers? Why is this security software not written with a safe strings library like DJB Qmail or daemontools?? This is the cause of most security problems in C.

My English is not so good, sorry.

Hulio Menendez IV
--
Sometimes you hurt me


               Cedric Devillers



