Re: Kodak Color Management System

[jesus () STARMEDIA NET (Jesus Oquendo)]

There was an exploit back in November or so for the kcms stuff search on
the list for it or try packetstorm.securify.com

_________________,,,__ o,0 __,,,_____________
Jesus Oquendo
jesus () starmedia net || 1243033 () skytel com
Network Operations
StarMedia Networks INC.
http://www.starmedia.com
(p) (212) 520-6341 (f) (212) 548-9654

ID 0x1281EC4F
DH/DSS
4096/1024
CIPHER: CAST
PGP Fingerprint
46C0 6A83 E6D2 FEA6 383A  B9A6 44D3 4E77 1281 EC4F

"OpenBSD -- Where you should've been yesterday."

On Thu, 2 Mar 2000, Flynn, Harold M. III wrote:

> KCMS on Sun.  I've been a little suspicious of it for a while now, but I
> haven't really had the opportunity to play with it due to time constraints
> and firefighting.  However, I'd like to point a few things out about it that
> really raise my eyebrows.
>
> First of all, it's interesting that it's remotely accessable (although not
> by default).  It's an rpc service, and listed in /etc/inetd.conf although
> commented out by default.  Looking in /usr/openwin/bin, I found this
> interesting:
>
> -rwsr-sr-x   1 root     bin        94184 Apr  1  1999 kcms_calibrate
> -rwsr-sr-x   1 root     bin        23360 Apr  1  1999 kcms_configure
> -rwxr-xr-x   1 root     bin        24380 Jul  9  1998 kcms_server
>
> I'll play with it when I get time.  Yeah.  Right.  Somebody interested in
> looking at it?
>
> Hal
>
> Hal Flynn, ICS Inc.     Senior Systems Analyst
> Defense    Information  Systems   Agency
> flynnh () mont disa mil    Commercial: 334-416-3233
> DSN: 596-3233