|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: rdist exploit [bsdi]
Andrew N. Edmond (edmond
shaman.lycaeum.org)Sat, 13 Jul 1996 01:20:35 -0600
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Cosimo Leipold: "Re: rdist exploit [bsdi]"
- Previous message: Brian Tao: "Re: rdist exploit [bsdi]"
- In reply to: jaeger: "Re: rdist exploit [bsdi]"
- Next in thread: Andy Dills: "Re: rdist exploit [bsdi]"
> > > > Here is a quick bsd/os (should work in freebsd too, I believe) exploitation > > > > script for the rdist buffer overflow vulnerbility. > > > > > > Confirmed for FreeBSD 2.1.0-RELEASE, 2.2-960501-SNAP and > > > 2.2-960601-SNAP. Haven't tried it with the 2.1.5 release stream yet. Agreed, another confirmation that this exploit works on 2.1.0-RELEASE. I temporarily fixed the problem by doing (this may be overboard, but I am getting paranoid with all these BSD holes lately!) the following: chflags noschg /usr/bin/rdist # must take off immutable flag! chmod 000 /usr/bin/rdist # wipe all functionality from this prog Looking forward to a source patch, for sure! Andy ............................................................................. . Andrew Edmond . Children of a future age, . .. edmond
- Next message: Cosimo Leipold: "Re: rdist exploit [bsdi]"
- Previous message: Brian Tao: "Re: rdist exploit [bsdi]"
- In reply to: jaeger: "Re: rdist exploit [bsdi]"
- Next in thread: Andy Dills: "Re: rdist exploit [bsdi]"