[NEWS] - SETI@home security flaw.

CougTek

People found a hole related to the SETI@home client for FreeBSD and it is believed that the hole could be common to all SETI@home versions:
Excerpt from Berend-Jan Wever a.k.a. SkyLined's advisory:

There is a buffer overflow in the server response handler. Sending an overly large string followed by a newline ('\n') character to the client will trigger this overflow. This has been tested with various versions of the client. All versions are presumed to have this flaw in some form.

Example exploits for FreeBSD and other systems exist. A new version of SETI@home for FreeBSD is not available at the time of this security notice.
So if you're SETI'ing at your home (or elsewhere), this is a story to follow. I'm not very fond of public reports on holes and flaws that haven't been fixed yet.
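For readers wondering what the fix for this class of bug looks like, here is an added example (not part of the post, the advisory, or the SETI@home source) of a response-line reader that checks the line length against its fixed buffer before copying. All names, the 64-byte buffer size and the sample stream are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_CAP 64 /* assumed size of the fixed per-line buffer */
enum { LINE_TOO_LONG = -1, LINE_INCOMPLETE = -2 };

/* Copy one '\n'-terminated line from src[*pos..src_len) into out.
 * Returns the line length, LINE_INCOMPLETE if no '\n' has arrived yet, or
 * LINE_TOO_LONG if the line cannot fit in out_cap. An over-long complete line
 * is skipped so the next call resyncs; if there is no '\n' at all within
 * out_cap bytes, *pos is unchanged and the caller should drop the connection. */
static int read_response_line(const char *src, size_t src_len, size_t *pos,
                              char *out, size_t out_cap)
{
    if (*pos > src_len)
        return LINE_INCOMPLETE;
    const char *start = src + *pos;
    size_t remaining = src_len - *pos;
    const char *nl = memchr(start, '\n', remaining);
    if (nl == NULL)
        return remaining >= out_cap ? LINE_TOO_LONG : LINE_INCOMPLETE;
    size_t len = (size_t)(nl - start);
    *pos += len + 1;              /* consume the line and its newline */
    if (len >= out_cap)
        return LINE_TOO_LONG;     /* reject: never write past out */
    memcpy(out, start, len);
    out[len] = '\0';
    return (int)len;
}

/* Constructed sample: a normal line, a 200-byte line, another normal line. */
static size_t build_sample(char *buf, size_t cap)
{
    const char *first = "status=done\n", *last = "next\n";
    size_t n = strlen(first);
    if (cap < n + 200 + 1 + strlen(last))
        return 0;
    memcpy(buf, first, n);
    memset(buf + n, 'A', 200); n += 200;
    buf[n++] = '\n';
    memcpy(buf + n, last, strlen(last));
    return n + strlen(last);
}

int main(void)
{
    char stream[512], line[LINE_CAP];
    size_t pos = 0, n = build_sample(stream, sizeof stream);
    int r;
    while ((r = read_response_line(stream, n, &pos, line, sizeof line)) != LINE_INCOMPLETE)
        printf("%d %s\n", r, r >= 0 ? line : "(rejected)");
    return 0;
}
```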