From: Gavin Rogers (terhi.victor@logonet.com)
Date: Fri Aug 29 2003 - 21:19:00 EEST
>
>----{ buffer overflow and popen() flaws }----
>
>* URONode (up to v0.5-R2) [Message command]
> - mailbox.c:131 - Buffer overflow
> - popen() stuff below is available for all! (REALLY SERIOUS!)
>
>* AWZNode (up to v0.4-pre2) [Send command]
> - mailbox.c:134 - Buffer overflow (Note 1)
> - popen() stuff below exists, but is not available... (Note 1)
>
>* LinuxNode
> - This function does not exist in LinuxNode.

Hi All.

Just for info:

The popen-using code that AWZNode/URONode uses to handle email sending
appears to have been taken from the "PMS" program distributed with
ax25-utils (ax25-utils-2.1.42a from
http://hes.iki.fi/pub/ham/unix/linux/ax25/ax25-utils-2.1.42a.tar.gz).

So PMS (designed to be called from ax25d, and which emulates a TNC mailbox)
from ax25-utils is also vulnerable to attack.

73
Gavin
---
Amateur radio station VK6HGR http://vk6hgr.ampr.org/
Email : vzvt.mnzsprdqup@elgood.com
Packet: vk6hgr@vk6hgr.#per.#wa.aus.oc
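
Added example (not part of the original message, and not code from ax25-utils, AWZNode or URONode): one way a mailbox program can hand a message to a mailer without popen(), assuming the exposure is remote-user text reaching a shell command line. The names MAX_RCPT, rcpt_is_safe and send_mail_noshell, the mailer path argument and the allowed character set are assumptions made for illustration.

```c
/* Added example: deliver mail without popen() or a shell (hypothetical names). */
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_RCPT 128  /* assumed bound; also caps any later buffer copy */

/* Allowlist check: bounded length, no leading '-', no shell metacharacters. */
int rcpt_is_safe(const char *addr)
{
    size_t n = 0;
    while (addr[n] != '\0') {
        unsigned char c = (unsigned char)addr[n];
        if (++n >= MAX_RCPT || (!isalnum(c) && !strchr("@._+-#", c)))
            return 0;
    }
    return n > 0 && addr[0] != '-';
}

/* Returns the mailer's exit status, or -1 if the recipient is rejected or
 * the mailer could not be run. Caller is assumed to ignore SIGPIPE. */
int send_mail_noshell(const char *mailer, const char *rcpt, const char *body)
{
    int fd[2], status;
    pid_t pid;
    ssize_t w;

    if (!rcpt_is_safe(rcpt) || pipe(fd) < 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(fd[0]); close(fd[1]);
        return -1;
    }
    if (pid == 0) {                       /* child: message arrives on stdin */
        char *argv[] = { (char *)mailer, (char *)rcpt, NULL };
        dup2(fd[0], STDIN_FILENO);
        close(fd[0]); close(fd[1]);
        execv(mailer, argv);              /* argv vector, never parsed by sh */
        _exit(127);
    }
    close(fd[0]);
    w = write(fd[1], body, strlen(body));
    close(fd[1]);
    if (waitpid(pid, &status, 0) < 0 || w < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The recipient is checked before any process is created, so a rejected address never reaches the mailer at all.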