Subject: Re: kon2
From: Chris Evans (chrisFERRET.LMH.OX.AC.UK)
Date: Fri Aug 04 2000 - 15:36:10 CDT


On Fri, 4 Aug 2000, Elias Levy wrote:

> ----- Forwarded message from Black Sphere <bsphereusa.net> -----
>
> Info :
>
> Package : kon2-0.3.8
> Compromise : root

[...]

>
> else if (!strncmp ("CHARSET_REGISTRY", line, 16))

[...]

Old news. Same vulnerability is noted (along with others) in my Jun 19th
post.

There has, of course, been a slew of kon2 package updates recently. I
wonder if vendors/maintainers simply patched the single bugs in question,
or took active measures to hunt down others?

I'd love it to be demonstrated otherwise, but I bet these bugs did not
spur a proper audit, and more root compromises remain.

Cheers
Chris