Vulnerability Development mailing list archives
Re: Kodak Color Management System
From: jesus () STARMEDIA NET (Jesus Oquendo)
Date: Thu, 2 Mar 2000 21:56:25 -0500
There was an exploit back in November or so for the kcms stuff search on the list for it or try packetstorm.securify.com _________________,,,__ o,0 __,,,_____________ Jesus Oquendo jesus () starmedia net || 1243033 () skytel com Network Operations StarMedia Networks INC. http://www.starmedia.com (p) (212) 520-6341 (f) (212) 548-9654 ID 0x1281EC4F DH/DSS 4096/1024 CIPHER: CAST PGP Fingerprint 46C0 6A83 E6D2 FEA6 383A B9A6 44D3 4E77 1281 EC4F "OpenBSD -- Where you should've been yesterday." On Thu, 2 Mar 2000, Flynn, Harold M. III wrote:
KCMS on Sun. I've been a little suspicious of it for a while now, but I haven't really had the opportunity to play with it due to time constraints and firefighting. However, I'd like to point a few things out about it that really raise my eyebrows. First of all, it's interesting that it's remotely accessable (although not by default). It's an rpc service, and listed in /etc/inetd.conf although commented out by default. Looking in /usr/openwin/bin, I found this interesting: -rwsr-sr-x 1 root bin 94184 Apr 1 1999 kcms_calibrate -rwsr-sr-x 1 root bin 23360 Apr 1 1999 kcms_configure -rwxr-xr-x 1 root bin 24380 Jul 9 1998 kcms_server I'll play with it when I get time. Yeah. Right. Somebody interested in looking at it? Hal Hal Flynn, ICS Inc. Senior Systems Analyst Defense Information Systems Agency flynnh () mont disa mil Commercial: 334-416-3233 DSN: 596-3233
Current thread:
- Kodak Color Management System Flynn, Harold M. III (Mar 01)
- Re: Kodak Color Management System Jesus Oquendo (Mar 02)
- Re: Kodak Color Management System John Hall (Mar 02)