Subject: Re: Remote exploitation of network scanners?
From: Bluefish (P.Magnusson) (11a GMX.NET)
Date: Fri Sep 01 2000 - 17:30:03 CDT
- In reply to: Domenico De Vitto: "Re: Remote exploitation of network scanners?"
Agree. Of course it should be fixed.
1. didn't have much knowledge of the tool, wasn't aware of who created it
2. some people may wish to do a dirty fix until an official one is
available.
Only mentioning that my post suggested dropping chmod permission
(poking around with capabilities). I'm not overly familiar with
capabilities, but it shouldn't be that easy to break that, should it? The
entire idea with capabilities, if I got it correctly, is to confine
even super-user processes, allowing code which may be vulnerable to
perform limited super-user tasks but not all that root normally can do.
> Snoop is basically Sun's home-grown 'tcpdump', and though you can always
> sandbox (and hope they can't bust your chroot!), very few (e.g. none) people
> are going to expect a vendor supplied 'listen-only' tool to give bad guys
> remote root, so....
..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
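
Added example, not part of the original post: a check that a root-owned sniffer process really has been confined with capabilities, by decoding the `CapEff` mask from `/proc/<pid>/status`. It assumes Linux capabilities, and that "chmod permission" corresponds to `CAP_FOWNER`; the sample status text is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Linux capability bit numbers, as in <linux/capability.h>. */
#define CAP_BIT(n)      (UINT64_C(1) << (n))
#define BIT_CAP_FOWNER  3   /* chmod on files the process does not own */
#define BIT_CAP_NET_RAW 13  /* raw/packet sockets: all a sniffer needs */

/* Read a hex mask field such as "CapEff:" from /proc/<pid>/status text.
 * Returns 0 on success, -1 if the field is missing or malformed. */
int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, flen) == 0) {
            char *end;
            *mask = strtoull(line + flen, &end, 16);
            return (end == line + flen) ? -1 : 0;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* Effective capabilities held beyond `allowed`; 0 means confined. */
uint64_t excess_caps(const char *status, uint64_t allowed)
{
    uint64_t eff;
    if (parse_cap_field(status, "CapEff:", &eff) != 0)
        return UINT64_MAX;  /* fail closed: unreadable counts as unconfined */
    return eff & ~allowed;
}

/* Constructed /proc/<pid>/status excerpts (not captured from a real host). */
static const char FULL_ROOT[] = "Name:\tsniffer\nCapEff:\t0000003fffffffff\n";
static const char CONFINED[]  = "Name:\tsniffer\nCapEff:\t0000000000002000\n";

int main(void)
{
    uint64_t allowed = CAP_BIT(BIT_CAP_NET_RAW);
    uint64_t x = excess_caps(FULL_ROOT, allowed);
    printf("full root: excess %#llx, can chmod others' files: %s\n",
           (unsigned long long)x, (x & CAP_BIT(BIT_CAP_FOWNER)) ? "yes" : "no");
    printf("confined:  excess %#llx\n",
           (unsigned long long)excess_caps(CONFINED, allowed));
    return 0;
}
```

A non-zero result lists the capability bits a compromise of the process would inherit beyond packet capture.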