Version 2.5.0/8 of Alt+Connect
A fix has been added which stops connectd from trusting all machines.
Without this fix, it's possible to login to connectd as any user.
Connection control lists, bill logging, quotas, etc. are all
circumvented, but the wider machine shouldn't be compromised. This
exploit needs an identd server which doesn't ship as standard with
Windows, so you are most at risk if your network has Linux machines
under the control of other users; it also needs tcpd support compiled
in, so to be vulnerable "[TCPD]" must be in the string returned by
"connect ver".
Other releases
- 30 Jun 2003 11:38
Changes: Many.
- 15 Dec 2001 10:29
Changes: This is principally the same security fix as for the stable version, but a number of useful options are now passed as default to pppd, where they're supported, and you can control the speaker and blind-dialing from connectd's config file without hacking the modem chat script.
- 15 Dec 2001 10:24
Changes: A fix has been added which stops connectd from trusting all machines. Without this fix, it's possible to login to connectd as any user. Connection control lists, bill logging, quotas, etc. are all circumvented, but the wider machine shouldn't be compromised. This exploit needs an identd server which doesn't ship as standard with Windows, so you are most at risk if your network has Linux machines under the control of other users; it also needs tcpd support compiled in, so to be vulnerable "[TCPD]" must be in the string returned by "connect ver".
- 28 Nov 2001 14:35
Changes: Multiple providers works on ISDN (except that the add-provider script doesn't know anything about them). The limit of 32 providers can be exceeded with the correct ./configure switch. Tcpd support is back in with gcc 2.96 (e.g. Red Hat 7.0+).
- 28 Nov 2001 14:34
No changes have been submitted for this release.
