[NEWS] - SETI@home security flaw.

CougTek · Apr 27, 2003

People found a hole related to the SETI@home client for FreeBSD and it is believed that the hole could be common to all SETI@home versions :

Excerpt from Berend-Jan Wever a.k.a. SkyLined's advisory:

There is a bufferoverflow in the server responds handler. Sending an overly large string followed by a newline ('\n') character to the client will trigger this overflow. This has been tested with various versions of the client. All versions are presumed to have this flaw in some form.

Example exploits for FreeBSD and other systems exist. A new version of SETI@home for FreeBSD is not available at the time of this security notice.

So if you're SETI'ing at your home (or elsewhere), this is a story to follow. I'm not very found of public reports on holes and flaws that haven't been fixed yet.

sechs · Apr 28, 2003

So what could be the result of this exploit?

CougTek · Apr 28, 2003

I'm no expert on these things, but I think a buffer overflow would result in a system hang.

honold · Apr 28, 2003

http://www.eeye.com/html/newsletter/versa/VE20020213.html#techtalk

[NEWS] - SETI@home security flaw.

CougTek

Hairy Aussie

sechs

Storage? I am Storage!

CougTek

Hairy Aussie

honold

Storage is cool