Raphael Marichez wrote:
you're fixing your script when someone shows a security hole, that's a good practice. But don't insult the men who mention the vulnerabilities... They are actually helping you, because you're improving your script thanks to them.
Hello... Some of you guys seriously need to do some reading and refreshing of your browsers... The script was fixed days ago.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050952.html
// SNIPPED
Nov 27 16:31:21 local sshd[67010]: Illegal user dd from 213.134.128.227
awk '($5=="Illegal"||$6=="Illegal")&&$9=="from"{print $10}'
Would stop the insertion attack and only print out the tench field if
fields 5, 6 and 9 match Illegal user from.
So that would pretty much minimize the attack on name insertion. If I wanted to I could also make sure that if someone came after field 10, then ignore the entire line:
Nov 27 16:31:21 local sshd[67010]: Illegal user dd from 213.134.128.227 ...SO let me restate. I could modify it to look at lines 5, 6, and 9 ... Take a look at the tenth column and if anything comes after that...Ignore that entire line... Should I have done so, maybe... Will I do so... Maybe...
// END SNIPAnd I fixed it the same day to avoid the insertion of moronic usernames. Read the entire thread. My critiques comes from people who only snip out what is suitable for them to read.
-- ==================================================== J. Oquendo http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government. John Adams
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/