Odd Addresses
Eric Murray
ericm at lne.com
Tue Feb 13 15:26:42 PST 2001
On Sun, Feb 11, 2001 at 12:44:40PM -0500, John Young wrote:
>
> We have from time to time phantom "accesses" from odd
> addresses such as yesterday:
>
> http://161/1.035
>
> These accesses and addresses do not show up in the log
> files but are listed in summaries of accesses produced by
> Analog on our dedicated server. When we run Analog of
> what should be the same log file on our machine the
> addresses do not appear.
Interesting- the message below just showed up on bugtraq:
>From: Stephen Turner <S.R.E.Turner at STATSLAB.CAM.AC.UK>
>Subject: Security advisory for analog
>To: BUGTRAQ at SECURITYFOCUS.COM
>
>SECURITY ADVISORY 13th February 2001
>----------------------------------------------------------------------
>Program: analog (logfile analysis program)
>Versions: all versions except 4.16 and 4.90beta3
>Operating systems: all
>----------------------------------------------------------------------
>There is a buffer overflow bug in all versions of analog released
>prior to today. A malicious user could use an ALIAS command to
>construct very long strings which were not checked for length.
>
>This bug is particularly dangerous if the form interface (which allows
>unknown users to run the program via a CGI script) has been installed.
>
>This bug was discovered by the program author, and there is no known
>exploit. However, users are advised to upgrade to one of the two safe
>versions immediately, especially if they have installed the form
>interface. The URL is http://www.analog.cx/
>
>I apologise for the inconvenience.
> Stephen Turner
>
>--
>Stephen Turner http://www.statslab.cam.ac.uk/~sret1/
> Statistical Laboratory, Wilberforce Road, Cambridge, CB3 0WB, England
> "Your account can only be used for a single internet session at any one
> time and for no more than 24 hours in any one day." (NTL terms of use)
--
Eric Murray Consulting Security Architect SecureDesign LLC
http://www.securedesignllc.com PGP keyid:E03F65E5
More information about the cypherpunks-legacy
mailing list