Full Disclosure mailing list archives
Re: OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison.
From: "KF (lists)" <kf_lists () digitalmunition com>
Date: Wed, 11 May 2005 17:00:56 -0400
Vincent van Scherpenseel wrote:
On Wednesday 11 May 2005 20:44, KF (lists) wrote:Anyone ever wonder why all their security advisories come out for known issues two years after they have been found? Anyone ever wonder why they STILL use a vulnerble version of wu ftpd on one of their main servers? Connected to ftpput.sco.com. 220 artemis FTP server (Version 2.1WU(1)) ready. Name (ftpput.sco.com:doucheknob): Move along... nothing to see here but a decrepid OS that no one cares about. -KFKeep in mind that you shouldn't fully rely on service banners. These are easily faked to keep the script kiddies away. I know, that's security through obscurity, but not the whole world is Full Disclosure.- Vincent van Scherpenseel
keep in mind that this has been like this for *YEARS*. I highly doubt they have gone through the trouble of faking output for the format string vulnerability. Telnet to the port and test the site exec shit by hand yourself... although I have not checked I would almost bet you get memory addresses popping up.
I actually spoke to previous sco admins about it when I used to work with them on security issues. At the time they could not track down the admin of the box... after the caldera merger I would imagine it just sat there.
http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/008577.html -KF _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison. please_reply_to_security (May 11)
- Re: OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison. James Longstreet (May 11)
- Re: OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison. KF (lists) (May 11)
- Re: OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison. Vincent van Scherpenseel (May 11)
- Re: OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison. KF (lists) (May 11)
- Re: OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison. KF (lists) (May 11)
- Re: OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison. shyyqvfpybfher (May 11)
- Re: OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison. James Longstreet (May 11)