|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: rdist exploit [bsdi]
Andy Dills (andy
bigdog.fred.net)Sun, 14 Jul 1996 00:46:24 -0400
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Max Vision: "Re: rdist exploit [bsdi]"
- Previous message: Jack Flory: "Re: rdist exploit [bsdi]"
- In reply to: Andrew N. Edmond: "Re: rdist exploit [bsdi]"
- Next in thread: Brian Tao: "Re: rdist exploit [bsdi]"
On Sat, 13 Jul 1996, Andrew N. Edmond wrote: > > > > > Here is a quick bsd/os (should work in freebsd too, I believe) exploitation > > > > > script for the rdist buffer overflow vulnerbility. > > > > > > > > Confirmed for FreeBSD 2.1.0-RELEASE, 2.2-960501-SNAP and > > > > 2.2-960601-SNAP. Haven't tried it with the 2.1.5 release stream yet. > > Agreed, another confirmation that this exploit works on 2.1.0-RELEASE. I > temporarily fixed the problem by doing (this may be overboard, but I am > getting paranoid with all these BSD holes lately!) the following: > > chflags noschg /usr/bin/rdist # must take off immutable flag! > chmod 000 /usr/bin/rdist # wipe all functionality from this prog > > Looking forward to a source patch, for sure! > > Andy Bit 'streme :> I just chmod'ed it 0550. Andy (Oh, FYI, I got it to work on two FreeBSD 2.1.0-Stable systems.) > ............................................................................. > . Andrew Edmond . Children of a future age, . > .. edmond
- Next message: Max Vision: "Re: rdist exploit [bsdi]"
- Previous message: Jack Flory: "Re: rdist exploit [bsdi]"
- In reply to: Andrew N. Edmond: "Re: rdist exploit [bsdi]"
- Next in thread: Brian Tao: "Re: rdist exploit [bsdi]"