Bugtraq mailing list archives
Re: Sol2.x Mouse EXPLOIT info - CORRECTION
From: barr () pop psu edu (David Barr)
Date: Wed, 18 Jan 1995 14:14:32 -0500
In message <199501181524.KAA24318 () ussenterprise async vt edu>, Leo Bicknell wri tes:
Ok, I'll point out a few things. "#" is not a valid charactor in a host name, and a good bind server will not return it. I was unable to get my bind server to return a hostname with a # in it, so even if someone hacked the bind server for your site it wouldn't matter.
I don't know of any BIND server which won't let you put in a "#" in a host name. I've done quite a bit of checking of DNS, and I've found quite arbitrary characters in people's DNS data. You can argue to the contrary, but that's beyond the scope of this list.
Another thing not considered, is that by default under Ultrix all the network tty's are _unsecure_ meaning root cannot log in on them no matter what .rhosts says. Unless you have changed this it is absolutely not possible for this to be a problem.
You mean except for "rsh ultrixhost rm -rf /" Remember, with /.rhosts, having unsecure ttys has no effect. --Dave
Current thread:
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Leo Bicknell (Jan 18)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION David Barr (Jan 18)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Doug Siebert (Jan 18)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Timothy Newsham (Jan 19)
- O/S holes Matthew Harding (Jan 19)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Doug Siebert (Jan 18)
- Attach on DES paper??? Robert Moskowitz (Jan 18)
- Re: Attach on DES paper??? Perry E. Metzger (Jan 19)
- Re: Attach on DES paper??? Alexander Haiut (Jan 19)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Timothy Newsham (Jan 19)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION David Barr (Jan 18)