Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Debian netkit telnetd vulnerability

from [Matt Zimmerman] Network Security [Permanent Link]
Subject: Re: Debian netkit telnetd vulnerability
Date: Sun, 26 Sep 2004 15:41:53 -0700 
On Tue, Sep 21, 2004 at 03:11:49AM +0400, Solar Designer wrote:


On Sat, Sep 18, 2004 at 09:57:19PM +0200, Michal Zalewski wrote:

Exposure:

  Remote root compromise through buffer handling flaws


FWIW, some (two?) distributions have privsep'ed telnetd by now, where
the immediate impact of this flaw (if it were present there) would be
code execution as pseudo-user "telnetd" chrooted to /var/empty. (*)


Debian's telnetd runs as user telnetd, though it does not chroot to
/var/empty.

-- 
 - mdz
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Casper Dik
Next by Date:  MSSQL 7.0 DoS, securma
Previous by Thread:  Re: Debian netkit telnetd vulnerability, Solar Designer
Next by Thread:  ADVISORY: security hole (http response splitting) in snitz forums 2000, Maestro De-Seguridad
Indexes:  [Date] [Thread] [Top] [All Lists]