Dear colleagues, It was brought to our attention last night that the perl whoisd server the RIPE NCC is currently running is vulnerable to a buffer overflow attack. We have taken action immediately and fixed this problem on our production servers. We have also checked for traces of people taking advantage of the vulnerability and concluded that this was not the case. The whois service was not affected. Should you be running a copy of our software, please apply the patch attached below to bin/whoisd. It truncates the query to 255 characters. If you have any questions or comments, please contact <ripe-dbm@ripe.net>. We would like to thank Geert Jan de Groot and Steve Bellovin for bringing this to our attention. Kind Regards, Mirjam Kuehne Head External Services RIPE NCC -------------------- 1. save the following text as /tmp/whoisdpatch ----------cut here------------------------------ *** whoisd.trunc Wed Feb 2 22:28:34 2000 --- whoisd Wed Feb 2 22:29:46 2000 *************** *** 1679,1694 **** $query=join(" ", @ARGV); } else { - my($trunclen); - alarm $KEEPOPEN if (!$commandline); $query=<$input>; - - # truncate to 255 chars - $trunclen = length($query); - $trunclen = 255 if $trunclen > 255; - substr( $query, $trunclen ) = ""; - } # &dpr("query: -$query- errorcode: -$!-\n"); --- 1679,1686 ---- ----------cut here-------------------------------- 2. execute in the directory where your whoisd lives: $ patch < /tmp/whoisdpatch