Whoisd buffer overrun
- Previous message (by thread): Whoisd buffer overrun
- Next message (by thread): 1. Draft, proposed agenda DB-WG meeting RIPE-35, Thu.,Feb.24 2000
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Valentin Hilbig
tino at kiosk-online.de
Thu Feb 3 20:19:13 CET 2000
Perhaps you should note that the patch has to be applied REVERSE. You can state this in the patch call like this: $ patch -R < /tmp/whoisdpatch You can see this if you examine the diff. No big problem, because without -R patch should detect this case and should ask if the patch should be applied reverse, though. But I haven't checked myself because I do not have a copy of whoisd running. Anyway, I thank you for your quick warning. -Tino RIPE Database Administration schrieb: > > > Dear colleagues, > > It was brought to our attention last night that the perl whoisd server > the RIPE NCC is currently running is vulnerable to a buffer overflow > attack. > > We have taken action immediately and fixed this problem on our > production servers. We have also checked for traces of people taking > advantage of the vulnerability and concluded that this was not the > case. > > The whois service was not affected. > > Should you be running a copy of our software, please apply the patch > attached below to bin/whoisd. It truncates the query to 255 characters. > > If you have any questions or comments, please contact <ripe-dbm at ripe.net>. > > > We would like to thank Geert Jan de Groot and Steve Bellovin for > bringing this to our attention. > > Kind Regards, > > Mirjam Kuehne > Head External Services > RIPE NCC > -------------------- > > > 1. save the following text as /tmp/whoisdpatch > > ----------cut here------------------------------ > *** whoisd.trunc Wed Feb 2 22:28:34 2000 > --- whoisd Wed Feb 2 22:29:46 2000 > *************** > *** 1679,1694 **** > $query=join(" ", @ARGV); > } > else { > - my($trunclen); > - > alarm $KEEPOPEN if (!$commandline); > $query=<$input>; > - > - # truncate to 255 chars > - $trunclen = length($query); > - $trunclen = 255 if $trunclen > 255; > - substr( $query, $trunclen ) = ""; > - > } > > # &dpr("query: -$query- errorcode: -$!-\n"); > --- 1679,1686 ---- > ----------cut here-------------------------------- > > > 2. execute in the directory where your whoisd lives: > $ patch < /tmp/whoisdpatch > > -- Valentin `Tino' Hilbig mailto:tino at kiosk-online.de NOC Online-Kiosk GmbH http://www.noc.baycix.de/ Tel. +49-180-5654357 privat: http://geht.net/ Fax. +49-871-9253629 privat: nospam at geht.net
- Previous message (by thread): Whoisd buffer overrun
- Next message (by thread): 1. Draft, proposed agenda DB-WG meeting RIPE-35, Thu.,Feb.24 2000
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]