Vulnerability Development mailing list archives
Re: Remote exploitation of network scanners?
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sat, 2 Sep 2000 00:30:03 +0200
Agree. Of course it should be fixed. 1. didn't have much knowledge tool, wasn't aware of who created it 2. some people may wish to to do a dirty fix until an official one is available. Only mentioning that my post sugested dropping chmod permission (poking around with capabilities). I'm not overly familiar with capabilities, but it shouldn't be that easy to break that, should it? the entire idea with capabilities is, if I got it correctly, is to confine even super-user processes, allowing code which may be vulnerable to perform limited super-user tasks but not all that root normally can do.
Snoop is basically Sun's home-grown 'tcpdump', and though you can always sandbox (and hope they can't bust your chroot!), very few (e.g. none) people are going to expect a vendor supplied 'listen-only' tool to give bad guys remte root, so....
..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- Re: Remote exploitation of network scanners? Domenico De Vitto (Sep 01)
- Re: Remote exploitation of network scanners? Bluefish (P.Magnusson) (Sep 01)
- <Possible follow-ups>
- Re: Remote exploitation of network scanners? Peter Pentchev (Sep 02)
- Re: Remote exploitation of network scanners? Andrew Scott Reisse (Sep 02)
- Re: Remote exploitation of network scanners? Peter Pentchev (Sep 02)
- Re: Remote exploitation of network scanners? Andrew Scott Reisse (Sep 02)