Re: Jeremy Jethro's HPUX DCED comes out

[JJETHRO () si rr com]

I used "may" because I didn't have access to OpenVMS or Tru64 to confirm exploitability.  Some Linux implementation I 
ran across a while back is vulnerable too, but I don't recall the specifics.

On a side note, congratulations to @stake for releasing an advisory where Tru64 is spelled correctly.

jeremy

----- Original Message -----
From: dave <dave () immunitysec com>
Date: Thursday, July 22, 2004 12:52 pm
Subject: [Dailydave] Jeremy Jethro's HPUX DCED comes out

> It's a one-shot sploit, and HPUX needs strict versioning to get it 
> right. It's a default-install remote root though, so worth the 
> effort. ;>
>
> The full advisory is here:
> http://www.atstake.com/research/advisories/2004/a072204-1.txt
>
> "Successful exploitation of this vulnerability may allow
> an attacker to execute arbitrary commands on the targeted system
> with the privileges of the DCED process which is typically run as
> the root user."
>
> Why do people say "may"? It's definately WILL allow execution as 
> root. :>
>
> -dave
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://www.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave