Re: Whoisd buffer overrun
- Date: Thu, 3 Feb 2000 20:19:13 +0100 (MET)
- Organization: Online-Kiosk GmbH
Perhaps you should note that the patch has to be applied REVERSE. You
can state this in the patch call like this:
$ patch -R < /tmp/whoisdpatch
You can see this if you examine the diff. No big problem, because
without -R patch should detect this case and should ask if the patch
should be applied reverse, though.
But I haven't checked myself because I do not have a copy of whoisd
running. Anyway, I thank you for your quick warning.
-Tino
RIPE Database Administration wrote:
>
>
> Dear colleagues,
>
> It was brought to our attention last night that the perl whoisd server
> the RIPE NCC is currently running is vulnerable to a buffer overflow
> attack.
>
> We have taken action immediately and fixed this problem on our
> production servers. We have also checked for traces of people taking
> advantage of the vulnerability and concluded that this was not the
> case.
>
> The whois service was not affected.
>
> Should you be running a copy of our software, please apply the patch
> attached below to bin/whoisd. It truncates the query to 255 characters.
>
> If you have any questions or comments, please contact ripe-dbm@localhost.
>
>
> We would like to thank Geert Jan de Groot and Steve Bellovin for
> bringing this to our attention.
>
> Kind Regards,
>
> Mirjam Kuehne
> Head External Services
> RIPE NCC
> --------------------
>
>
> 1. save the following text as /tmp/whoisdpatch
>
> ----------cut here------------------------------
> *** whoisd.trunc Wed Feb 2 22:28:34 2000
> --- whoisd Wed Feb 2 22:29:46 2000
> ***************
> *** 1679,1694 ****
> $query=join(" ", @ARGV);
> }
> else {
> - my($trunclen);
> -
> alarm $KEEPOPEN if (!$commandline);
> $query=<$input>;
> -
> - # truncate to 255 chars
> - $trunclen = length($query);
> - $trunclen = 255 if $trunclen > 255;
> - substr( $query, $trunclen ) = "";
> -
> }
>
> # &dpr("query: -$query- errorcode: -$!-\n");
> --- 1679,1686 ----
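Review bot: the hunk is inverted relative to the instructions in step 2: the `***` (old) side is whoisd.trunc and the `---` (new) side is whoisd, so the truncation block (`my($trunclen);` through `substr( $query, $trunclen ) = "";`) appears as `-` lines and, applied forward, the patch would remove the truncation rather than add it; either swap the two file headers or tell readers to run `patch -R < /tmp/whoisdpatch`, rather than relying on patch noticing the reversed hunk and asking. A second point on the fix itself: the truncation runs only after `$query=<$input>;` has already read the whole line, so the 255-character limit bounds what is handed to the query handling but not the length of the line read into memory; if the overrun is on the read side, the limit has to be applied at the read.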
> ----------cut here--------------------------------
>
>
> 2. execute in the directory where your whoisd lives:
> $ patch < /tmp/whoisdpatch
>
>
--
Valentin `Tino' Hilbig
NOC Online-Kiosk GmbH http://www.noc.baycix.de/
Tel. +49-180-5654357 private: http://geht.net/
Fax. +49-871-9253629 private: nospam@localhost