Vulnerability Development mailing list archives
Re: Red Hat 6.2's ftp segmentation fault
From: sec () ORGONE NEGATION NET (Jason Storm)
Date: Sat, 24 Jun 2000 15:54:22 -0700
On Fri, 23 Jun 2000, Philip Rowlands wrote:
> The issue here is that your actual, cleartext password need *never* appear on any disk, anywhere at any time. If it's being stored or transmitted, it should be hashed or encrypted.
just about any daemon/application i can think of possesses a cleartext password at some point via read(). snarfing passwords from sshd via strace is trivial, for example. if the core file is world readable, that's the issue i would concentrate on, not its contents.

-jason storm
negation industries