The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #067 [Re: possible Ultrix immunity?] (1 message, 478 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/067.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: Chris Torek <chris@mimsy.umd.edu>
To: phage
Date: Sat 22:01:02 05/11/1988 EST
Subject: Re: possible Ultrix immunity?
References: [Thread Prev: 040] [Thread Next: 108] [Message Prev: 066] [Message Next: 068]

Ultrix 2.x sites that are not using the name server are immune
only because the vax binaries were compiled against the new <netdb.h>.
(The worm brings over a vax .o file and links that against your
libc to produce the executable.)  The new netdb.h has

	char	**h_addr_list;
#define h_addr	h_addr_list[0]

while the old one has

	char	*h_addr;

so the code core dumps when it tries to use h_addr[0][*].

CHris

END OF DOCUMENT