In short, this patch fixes CERT vulnerability VU#165099
in Cryptcat for Unix.
To apply the patch, execute:
tar xfz cryptcat_20031202.tar.gz
gunzip cryptcat.solves_vu165099.diff.gz
cd cryptcat_20031202
patch -p1 < ../cryptcat.solves_vu165099.diff
make linux
To test it, execute:
./cryptcat -kwhateverkey -l -p 1234 -e /bin/cat
(from another terminal) ./cryptcat -kwhateverkey localhost 1234
Tested on Linux.
When the original version of cryptcat executed a program
with the -e option, the code that encrypted/decrypted the
communication was destroyed by exec, because exec replaces
the image of the calling process. So the parent process
must not be destroyed. We have to create a child process,
communicate with the parent through a bidirectional Unix
socket, and exec in the child, so that the parent lasts and
the encryption/decryption code is not destroyed.
I've tried to contact both Farm9 and CERT and have had
no response from them.
More info on my personal website:
http://semevalaolla.dyn.ee/~ara/dwn/cryptcat/
VU#165099 patch
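
The fork / Unix socket / exec arrangement described above, as an added example (not the patch's own code). The helper relay_through_child is hypothetical, and toy_crypt is an XOR stand-in for cryptcat's real cipher, used only to show that the key and the cipher stay in the surviving parent while the exec'd child sees plaintext.

```c
#define _POSIX_C_SOURCE 200809L
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for cryptcat's cipher (assumption: XOR, symmetric, demo only). */
static void toy_crypt(unsigned char *buf, size_t n, unsigned char key) {
    for (size_t i = 0; i < n; i++) buf[i] ^= key;
}

/* Hypothetical helper: pass one encrypted "wire" message to prog and return
 * its reply re-encrypted. Returns the reply length, or -1 on error. */
ssize_t relay_through_child(const char *prog, unsigned char key,
                            const unsigned char *wire_in, size_t n,
                            unsigned char *wire_out, size_t cap) {
    int sv[2];
    if (n > 4096 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                     /* child: plaintext only, no key */
        close(sv[0]);
        dup2(sv[1], STDIN_FILENO);
        dup2(sv[1], STDOUT_FILENO);
        close(sv[1]);
        execl(prog, prog, (char *)NULL);
        _exit(127);                     /* exec failed */
    }
    close(sv[1]);                       /* parent survives and keeps the cipher */
    unsigned char plain[4096];
    memcpy(plain, wire_in, n);
    toy_crypt(plain, n, key);           /* decrypt what came off the network */
    ssize_t total = -1, r;
    if (send(sv[0], plain, n, MSG_NOSIGNAL) == (ssize_t)n) {
        shutdown(sv[0], SHUT_WR);       /* EOF on the child's stdin */
        total = 0;
        while ((size_t)total < cap &&
               (r = read(sv[0], wire_out + total, cap - (size_t)total)) > 0)
            total += r;
        toy_crypt(wire_out, (size_t)total, key); /* encrypt the child's output */
    }
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return total;
}
```

With /bin/cat as the program, as in the test commands above, the re-encrypted reply equals the encrypted input.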