Dailydave mailing list archives

Jeremy Jethro's HPUX DCED comes out

From: dave <dave () immunitysec com>
Date: Thu, 22 Jul 2004 12:52:13 -0400

It's a one-shot sploit, and HPUX needs strict versioning to get itright. It's a default-install remote root though, so worth the effort. ;>


The full advisory is here:
http://www.atstake.com/research/advisories/2004/a072204-1.txt

"Successful exploitation of this vulnerability may allow
an attacker to execute arbitrary commands on the targeted system
with the privileges of the DCED process which is typically run as
the root user."

Why do people say "may"? It's definately WILL allow execution as root. :>

-dave









_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Jeremy Jethro's HPUX DCED comes out dave (Jul 22)
- <Possible follow-ups>
- Re: Jeremy Jethro's HPUX DCED comes out JJETHRO (Jul 22)