Hello,

I'm leaving for Tokyo in a few hours' time and I don't have the time to finish
researching this, so let's see if a debian-audit-private list would be a good
thing by trying to cooperate on this problem.

Osiris (Debian packages: osiris, osirisd, osirismd) is a client/server tripwire
type of program. Finding vulnerabilities in security software is especially
dangerous, and osiris is well-known enough to have half a book written about it:
http://books.slashdot.org/article.pl?sid=05/08/16/0455224

I have noticed that both the servers (osirisd and osirismd) have potential
format string bugs in that they have dangerous syslog calls of the syslog(prio,
buff) kind. Functions like ssl_verify_callback() and send_scan_error() could
perhaps be used to exploit it - I haven't finished that part of the research.

Additionally, [EDIT: undisclosed information]

Anyone who finishes the research and finds out a way to exploit this of course
gets co-credits in any DSA or similar publications. If they finish the research
with a negative result, at least we know for sure that Debian or other Unix
systems can't be cracked in that particular way.

If no-one is interested, I will complete this vulnerability research myself
when my vacation is over. I thought that this exclusive preview could be
slightly interesting for you and that it would be a nice opportunity for us to
work as a team.

Have a nice summer, Ulf
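
An added example, not part of the original message and not osiris code: a small Python audit check for the syslog(prio, buff) pattern described above, flagging calls whose format argument is not a string literal. The C snippet and the function names are constructed for illustration, comments in the scanned source are not stripped, and each hit is a candidate for manual review rather than a confirmed bug.

```python
import re
# Constructed C source for illustration; not taken from the osiris code base.
SAMPLE = r'''
void report(int prio, const char *peer) {
    char buff[512];
    snprintf(buff, sizeof(buff), "scan error from %s", peer);
    syslog(prio, buff);                      /* format argument is a variable */
    syslog(LOG_ERR, "%s", buff);             /* constant format, data as argument */
    syslog(LOG_INFO, "peer (%s) connected",
           peer);                            /* constant format, multi-line call */
    syslog(LOG_WARNING, get_msg(1, 2));      /* format comes from a call */
}
'''

CALL = re.compile(r'\bsyslog\s*\(')

def split_args(src, start):
    """Split the argument list that begins at src[start] on top-level commas."""
    args, depth, cur, i, quote = [], 1, [], start, None
    while i < len(src) and depth:
        ch = src[i]
        if quote:                      # inside a string or character literal
            if ch == '\\':             # keep the escaped character with its backslash
                cur.append(ch); i += 1; ch = src[i]
            elif ch == quote:
                quote = None
        elif ch in '"\'':
            quote = ch
        elif ch == '(':
            depth += 1
        elif ch == ')':
            depth -= 1
            if depth == 0:             # closing parenthesis of the syslog call
                break
        elif ch == ',' and depth == 1:
            args.append(''.join(cur).strip()); cur = []; i += 1
            continue
        cur.append(ch); i += 1
    args.append(''.join(cur).strip())
    return args

def find_nonliteral_syslog(src):
    """Return (line, format_arg) for syslog calls whose format is not a literal."""
    hits = []
    for m in CALL.finditer(src):
        args = split_args(src, m.end())
        if len(args) >= 2 and not args[1].startswith('"'):
            hits.append((src.count('\n', 0, m.start()) + 1, args[1]))
    return hits
```

The usual remediation for a flagged call is to pass the data as an argument to a constant format, as in the second call of the sample: syslog(prio, "%s", buff).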