|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Spike] Jeremy Jethro's HPUX DCED comes out
From: dave (dave
immunitysec.com)
Date: Thu Jul 22 2004 - 11:52:13 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It's a one-shot sploit, and HPUX needs strict versioning to get it
right. It's a default-install remote root though, so worth the effort. ;>
The full advisory is here:
http://www.atstake.com/research/advisories/2004/a072204-1.txt
"Successful exploitation of this vulnerability may allow
an attacker to execute arbitrary commands on the targeted system
with the privileges of the DCED process which is typically run as
the root user."
Why do people say "may"? It's definately WILL allow execution as root. :>
-dave
_______________________________________________
Spike mailing list
Spikelists.immunitysec.com
http://www.immunitysec.com/mailman/listinfo/spike
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]