Odd Addresses

Eric Murray ericm at lne.com
Tue Feb 13 15:26:42 PST 2001 

On Sun, Feb 11, 2001 at 12:44:40PM -0500, John Young wrote:
> 
> We have from time to time phantom "accesses" from odd 
> addresses such as yesterday:
> 
>    http://161/1.035 
> 
> These accesses and addresses do not show up in the log 
> files but are listed in summaries of accesses produced by 
> Analog on our dedicated server. When we run Analog of
> what should be the same log file on our machine the 
> addresses do not appear.


Interesting- the message below just showed up on bugtraq:



>From: Stephen Turner <S.R.E.Turner at STATSLAB.CAM.AC.UK>
>Subject:      Security advisory for analog
>To: BUGTRAQ at SECURITYFOCUS.COM
>
>SECURITY ADVISORY                                   13th February 2001
>----------------------------------------------------------------------
>Program: analog (logfile analysis program)
>Versions: all versions except 4.16 and 4.90beta3
>Operating systems: all
>----------------------------------------------------------------------
>There is a buffer overflow bug in all versions of analog released
>prior to today. A malicious user could use an ALIAS command to 
>construct very long strings which were not checked for length.   
>
>This bug is particularly dangerous if the form interface (which allows
>unknown users to run the program via a CGI script) has been installed.
>
>This bug was discovered by the program author, and there is no known
>exploit. However, users are advised to upgrade to one of the two safe
>versions immediately, especially if they have installed the form   
>interface. The URL is http://www.analog.cx/
>
>I apologise for the inconvenience.
>                                                        Stephen Turner
>
>--
>Stephen Turner               http://www.statslab.cam.ac.uk/~sret1/
>  Statistical Laboratory, Wilberforce Road, Cambridge, CB3 0WB, England
>  "Your account can only be used for a single internet session at any one
>   time and for no more than 24 hours in any one day." (NTL terms of use)



-- 
  Eric Murray           Consulting Security Architect         SecureDesign LLC
  http://www.securedesignllc.com                            PGP keyid:E03F65E5

More information about the cypherpunks-legacy mailing list