From: David Luyer [luyer@UCS.UWA.EDU.AU]
Sent: Sunday, August 15, 1999 9:52 PM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: Internet Auditing Project

The tool mentioned in this has a couple of show-stopper bugs, at least for
my system.  The options default to -c on, the getopt doesn't accept c and
the option parsing just turns it on anyway.  Also, the use of longjmp out
of an alarm handler breaks things.  It should be siglongjump and sigsetjmp.
The second alarm signal never happens and the program hangs indefinitely.
(this is Linux 2.0.37, glibc 2.1)

For those who want to get it working quickly, here's a patch (gzipped,
uuencodes, if you don't know how to decode/apply then you shouldn't be
using the scanner anyway).

begin 644 bass-1.0.7.patch.gz
M'XL(""1MMS<"`V)A<W,M,2XP+C<N<&%T8V@`G5=M4^,V$/Y,?L4>G;FSL1,2
M<KF0!%KH-5R9`4()G6G[)>/8<JS#L5Q)=@Z8^^]=28[S0L(UW,S9BJ1=[S[/
M:A\1T#"$:L9O8.P)46W4ZK7VX:_GPV'-7YJIA?0;"8KY2K5:?;E[[YHE<)Y-
M`#I0;W8_-KNM!C0ZG4[%<9QMKDJCQB>H=[I']6[SV!B=G4&U4>^X;7#,Z^RL
M`OK?F``G7@`A9U/PP&=)2"<9]R1%7R&-B0T'AQ50NP\/(/6X("X$U"?@)0&(
M6(_X))N21$+NQ1D1QI?/IE.U):8)42ZJ`+,(_5D62[7S4Y@0B6,+S7U7.<E=
MV(^[LONUF^;1OFW#NU/H#R[LBK.+K;]NK?,4,RK]J+`OY@">YP/?$P0^Q!^@
M:[!J-C56^J6PVALC2@\]`\3"P%<&U3WC5=1\-O-X,)JR@&"(@YM>Q=FR)B17
M'OQIJD+"^#%\ENS;\`L,+BZ@JXVW?3577PTVE=J8)L&F4C/SZZ5F9G<LM34C
M4VK-3K>Q5&JM(X6>?II"XT1F/$%<32X>GUJ23@G+I-W#RJ"A!>\$D5\1#OP_
MSD(;;"3'*5;H9&71;9AEY3A',%5((^G%#]8](DGDQ6\NT'\SPA]=$/2)L-`R
M/VT7+O_XLW_WMPWOWY>@;K3/5^WSN;TQ[RE;E44=AQN92(B<,?ZPB8QR:9V/
M<F%'2E[:%:P<=UN=!2O-MF)%/S4K%$\L726$S^E88\,&P\4F*G!-0QDR;E%D
MH]X#"B<:.*A"`W\YCF9+!]$^5D'H9QE$@C!C^_B_H3R_%LOS(ACET\2C1B<^
MR_`;>@S.*22V*0!589;J*#-.);$$\Q_"P`7T!X[>[(*VQ%S4+U5Y)^@47TM%
M;?IKV_37.<!%,M?G?XWZGW\?W/5OKW3EO#$M#!7;Q6CF43GB)(T?+2\(^&HI
M+H[:/*@CC;=Y+06U.'UO#T>?/12,A/BRQ$T0GH]48-B5\1F39%N$/"]"[)A>
MVYGWVN\J2A0;+T8CI,5+4\)!1IZ$E!-D=BJPNB:)%P/#%2U5`C\GU"0,+[^<
M7]U=@V1*<B",/1&-/?_!Q1FE=ID@`:`81&#24MKD_&#C'`(MA:IB53;JC1V<
M)8%`/9G7]U']D]OX"$[Q+G3VN\FJBED5V>,W9$0@9<H-"X%\(WZFM4TG.O,P
M1R_'"#)!DTD1JXL`4,8KSMO]S%.9NU+1%3X,WK@LU4Z&34VEFS,:+,#162/,
MC!.3])P)J\#=502,+K_<:*ZU2\,[LA&S9+)42-#`>4<YV+1@RN#UYAIM[X71
MMN8:O;&Y1B\EK]5:NEV9RU6G/&8_T<2/,Q3[$P-X+?I9@8"CD>HM)E7,']-?
MGS/E+UE")Y%$_E+B4R\6M5K-W,4V8L)3?Y/8Z.EU+/3DCCBLVBQD_VB!0:>E
M,-!/7?>?KR[[-_=PX,=TA_;^NM*8UF,\JO83)U+ZZ<C'BQ)V;VXZ3\H97JAR
MPK$MJ,:4:H$)Q).+Q\;/Q9/=`_BAA,_P&*#33:B62^O(E@L[HOO2KD2XWEZ2
M<-W-FZ5Z*ID;/TJ\<VN=T\,3)3AW_>'MX&;8'PTO_^D7"\YILD!PE8=M1+S*
M1'%[QBU:/]6?$:4,<")2[,H$-51_VX474:&@ZB7;"*JYDS\#X3QAZ*Y_>S>X
6'_1@PK`]A1Z->]@1_@/D5#R88`T`````
`
end

David.