Seti security hole

Nozzer · 6 Apr 2003 at 19:02

http://www.student.nada.kth.se/~su99-sha/mirror.html

Might be of interest to most people.

Berserker · 6 Apr 2003 at 19:12

In the unlikely event that anyone is still using the GUI, there is a patch available here.

There does not appear to be a patch available for the command-line clients.

happytechie · 6 Apr 2003 at 20:22

hmmmmm

interesting for those of us who run SETI on routers :eek:

I'm going look into this.

HT

Biffa · 6 Apr 2003 at 23:19

Originally posted by happytechie
those of us who run SETI on routers

Should be shot I reckon

Yes its a bug, but someone would have to convince the client to connect to a machine other than the one its supposed to.

The client isn't vulnerable in and of itself as you can't connect directly to the client, you can only exploit the client once it connects to you.

happytechie · 7 Apr 2003 at 09:45

Yep that appears to be the extent of it. I've pulled SETI down from my smoothie box in the meantime, lets hope that borkley push a patch out soon

HT

GlacierMint · 7 Apr 2003 at 12:02

Not up to speed on SETI, but it looks like a new version (3.08) has been released...

http://www.theregister.co.uk/content/55/30124.html

Baggy

Andre · 7 Apr 2003 at 12:13

Originally posted by Baggy
Not up to speed on SETI, but it looks like a new version (3.08) has been released...

Sorry Baggy - this is only the Gooey version.

No-one in this forum is allowed to run that - a definite trip to the deepest corner of the Dunjuns to sharpen all the rubbers

GlacierMint · 7 Apr 2003 at 12:21

Oh well, worth a try...Must get SETI up and running again one of these days !!

Sorry !

Baggy

Andre · 7 Apr 2003 at 12:44

Go here and get it going - we need all the wus we can get

/switches to female sexy voice
go on - you KNOW you want to
/switches back to normal deep male voice

GlacierMint · 7 Apr 2003 at 13:02

LOL !! I would, but am processing Cancer Research blocks right now. Figure it might come in handy later in life (reaches for another smoke) !

Baggy

Berserker · 8 Apr 2003 at 12:46

Berekeley has released patched command-line versions:

Windows command-line:

i386-winnt-cmdline.exe: Mirror 1 Mirror 2

Linux command-line (this is the only one available - all others have been retired):

i686-pc-linux-gnu: Mirror 1 Mirror 2

Feek · 8 Apr 2003 at 17:06

Good shout Mark.

I won't bother to upgrade though, the hole looks very minor and I'm personally not too concerned about it.

K.

Berserker · 8 Apr 2003 at 17:18

Originally posted by Feek
I won't bother to upgrade though, the hole looks very minor and I'm personally not too concerned about it.

Ditto - especially as none of mine connect directly to Berkeley.