|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: mtr-0.41 root exploit
From: Rogier Wolff (R.E.Wolff
BITWIZARD.NL)Date: Tue Apr 25 2000 - 16:41:15 CDT
- Next message: Theodor Ragnar Gislason: "Re: Solaris 7 x86 lpset exploit."
- Previous message: Laurent LEVIER: "Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit"
- Maybe in reply to: Przemyslaw Frasunek: "mtr-0.41 root exploit"
- Next in thread: Kris Kennaway: "Re: mtr-0.41 root exploit"
- Maybe reply: Rogier Wolff: "Re: mtr-0.41 root exploit"
- Reply: Kris Kennaway: "Re: mtr-0.41 root exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[Elias, please approve either this one or the previous message that I
sent, but not both. Of course, preferably this one, and not the
other. Thanks. ]
Hi Everyone,
FYI, mtr-0.42 was released on march 4th, which fixes the mtr-oversight
that allows this exploit to work. The actual bug (overflow) is in
the Freebsd libncurses implementation.
Back then we were confident that an exploit COULD be written, but
decided not to wait until one would be written. Point proven.
I would've appreciated the lesser "scare" when an accompanying note
would've said that the bug was already fixed.
Roger.
-- ** R.E.Wolff
- Next message: Theodor Ragnar Gislason: "Re: Solaris 7 x86 lpset exploit."
- Previous message: Laurent LEVIER: "Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit"
- Maybe in reply to: Przemyslaw Frasunek: "mtr-0.41 root exploit"
- Next in thread: Kris Kennaway: "Re: mtr-0.41 root exploit"
- Maybe reply: Rogier Wolff: "Re: mtr-0.41 root exploit"
- Reply: Kris Kennaway: "Re: mtr-0.41 root exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]