On Sun, Jul 21, 2002 at 02:09:24PM +0200, SpaceWalker wrote:
> -This exploit will never be used to haxor something because I never
> saw this traceroute used by default

Well, SuSE has been using Nanog traceroute for ages; at least since 7.0
but probably longer.

OTOH, the bug isn't very new either. The nktib package in SuSE Linux 7.0
has a patch for this vulnerability dated 2000/10/03 14:12:43.

Finally, let me remark that your exploit has a minor bug in detecting
vulnerable versions. Using the attached patch it will properly recognize
patched versions of traceroute :)

Cheers
Olaf
--
Olaf Kirch     |  Anyone who has had to work with X.509 has probably
okir@suse.de   |  experienced what can best be described as
---------------+  ISO water torture. -- Peter Gutmann

--- main.c Wed Jul 24 14:41:38 2002 +++ tracerouteexp/main.c Sun Jul 21 14:04:48 2002 @@ -266,7 +266,7 @@ readbuf[lus]=0; if(insaneverbose) printf("*** result of first try : %s\n",readbuf); - if(strstr(readbuf,"%x%x%x%x")){ + if(strstr(readbuf,"%x%x%x%x%x")){ printf("*** fatal : This version is patched\n"); exit(-1); }
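
Review bot: The file headers look reversed: the `---` side is main.c dated Jul 24 and the `+++` side is tracerouteexp/main.c dated Jul 21, so the earlier-dated copy sits on the "new" side and the two paths have different depths. Regenerating the diff from a common directory with the old file first would make it unambiguous which copy carries the five-specifier string and which -p level applies. On the changed strstr() condition itself: strstr does substring matching and "%x%x%x%x" is contained in "%x%x%x%x%x", so the longer literal matches strictly fewer replies than the shorter one. The string that was sent before readbuf is read is not part of this hunk, so a short comment next to the condition stating which literal an echoed reply is expected to contain would let a reader confirm the two agree.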