In a few words, this patch solves the CERT vulnerability
VU#165099 for Cryptcat for Unix.
In order to apply the patch, execute:
tar xfz cyptcat_20031202.tar.gz
patch -p1 < ../cryptcat.solves_cvu165099.diff
In order to test it execute:
./cryptcat -kwhateverkey -l -p 1234 -e /bin/cat
(from another terminal) ./cryptcat -kwhateverkey
Tested on Linux.
When the original version of cryptcat executed a program
with the -e option, the code that encrypted/decrypted the
communication was destroyed by exec. So, the parent
process must not be destroyed. We have to create a
child process, communicate with the parent through a
bidirectional Unix socket, and exec in the child, so the
parent lasts and the encryption/decryption code is not destroyed.
I've tried to contact both Farm9 and CERT and have had
no response from them.
More info on my personal web
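The approach described above, as an added example that is not the patch's code or Cryptcat's own: the parent keeps the cipher, and only a forked child on the far end of a Unix socketpair calls exec. The names toy_crypt, spawn_on_socketpair and relay_once are hypothetical, and the XOR transform is a stand-in for the real cipher.

```c
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the real cipher (assumption): XOR is its own inverse. */
static void toy_crypt(unsigned char *buf, size_t n) {
    for (size_t i = 0; i < n; i++) buf[i] ^= 0x5a;
}

/* Exec prog in a child on one end of a socketpair; return the parent's end. */
int spawn_on_socketpair(const char *prog, pid_t *pid) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    *pid = fork();
    if (*pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (*pid == 0) {                      /* child: becomes prog */
        close(sv[0]);
        dup2(sv[1], STDIN_FILENO);
        dup2(sv[1], STDOUT_FILENO);
        if (sv[1] > STDOUT_FILENO) close(sv[1]);
        execl(prog, prog, (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    close(sv[1]);                         /* parent (cipher code) lives on */
    return sv[0];
}

/* Decrypt bytes "from the network", pass them on, encrypt the n-byte reply. */
int relay_once(int child_fd, unsigned char *wire, size_t n) {
    toy_crypt(wire, n);
    if (write(child_fd, wire, n) != (ssize_t)n) return -1;
    for (size_t got = 0; got < n; ) {
        ssize_t r = read(child_fd, wire + got, n - got);
        if (r <= 0) return -1;
        got += (size_t)r;
    }
    toy_crypt(wire, n);
    return 0;
}

int main(void) {
    unsigned char wire[] = "hello\n";     /* constructed sample input */
    pid_t pid;
    toy_crypt(wire, 6);                   /* as if it arrived encrypted */
    int fd = spawn_on_socketpair("/bin/cat", &pid);
    if (fd < 0 || relay_once(fd, wire, 6) != 0) return 1;
    close(fd);                            /* EOF lets cat exit */
    return waitpid(pid, NULL, 0) == pid ? 0 : 1;
}
```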