Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSH brute force blocking tool

From: Tonnerre Lombard <tonnerre.lombard () sygroup ch>
Date: Tue, 28 Nov 2006 08:52:36 +0100
Salut,

On Mon, 2006-11-27 at 16:21 -0500, gabriel rosenkoetter wrote:

Nope, I'm wrong, just the literal string "`/sbin/halt`", which you
never exec.


Well, he does in the iptables command


Mea culpa. Tavis's exploit doesn't so scary things, although he's
right you should really be doing a bit more sanitization of (evil)
user-supplied input, given that you're (insisting that you) run as
root.


Another nice use of this vulnerability is of course the possibility to
blacklist arbitrary IPs (even better: if you have DNS for your local
names, or mDNS, you can e.g. blacklist the workstation of the admin so
he can't log in anymore)

                                Tonnerre
-- 
SyGroup GmbH
Tonnerre Lombard

Lösungen mit System
Tel:+41 61 333 80 33    Röschenzerstrasse 9
Fax:+41 61 383 14 67    4153 Reinach BL
Web:www.sygroup.ch      tonnerre.lombard () sygroup ch

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: