Vulnerability Development mailing list archives
Re: Telnetd exploit for solaris
From: sa7ori <sa7ori () tasam com>
Date: Thu, 6 Sep 2001 20:29:03 -0400 (EDT)
I was anticipating the flurry of flames that would follow the original post. Unfortunately, the original question, and the response posts are perfect embodiments of the follies of this industry. While we want to discourage "script kiddie" like behavior, perhaps this individual is looking for this exploit for genuinely inquisitive reasons. If you are an admin, sure you can patch and be done with it, but with something like telnetd the possibility of MULTIPLE overflows in client/server negotiation are VERY possible (the recent BSD telnetd is a PERFECT example of this). Even a "script kiddie" disabled exploit can give a competent C coder a leg up, and cut down on the hours otherwise spent auditing the daemon. Additionally, with regard to this request, I think it is safe to assume that this guy doesnt speak english as his first language, and thus doesnt know the pleasantries envolved with asking about such a delicate topic, let alone reading an advisory written entirely in english! I know the "script kiddiez", "incompitent security leeches", and the "angry antisec folk" are all at each others throats, but in the interest of remaining civilized, lets just pause and reflect befor we lunge at each other... On Thu, 6 Sep 2001, sween wrote:
On Wed, 5 Sep 2001, fintler wrote:Now why would you possible want something like that...if you were ansooooo you can drive an industry and root somebody's solaris machine and prove to SOMEONE's company that this computer security bullshit isn't just a fad and that are not wasting 60K a year for a "security" expert to hover over security focus mailing lists and apply patches to expensive operating systems that were shipped broken in the first place. this industry needs an old fashioned ass whoopin. You owe script kiddies... BIG TIME. GET OFF MY LIST.--- Labkonto <ppht-15 () mdstud chalmers se> wrote:Anyone here that developed an exploit for the Telnetd buffer overflow on solaris, or know where to get one? // ppadmin, you'd just patch yourbox and forget it. I can only assume you're trying to get into someone elses box, what makes you think I'm going to give you a script so you can get someone fired from their job because you felt like being an 3r3ct skr1pt k1ddi3. -fintler <fintler () halfbug com> __________________________________________________ Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com-- sween -script kiddie-
Current thread:
- Telnetd exploit for solaris Labkonto (Sep 05)
- Re: Telnetd exploit for solaris fintler (Sep 05)
- RE: Telnetd exploit for solaris Dom De Vitto (Sep 06)
- Re: Telnetd exploit for solaris Alex Pearsall (Sep 06)
- Re: Telnetd exploit for solaris Ron DuFresne (Sep 06)
- Re: Telnetd exploit for solaris sween (Sep 06)
- Re: Telnetd exploit for solaris sa7ori (Sep 06)
- RE: Telnetd exploit for solaris Joseph Spears (Sep 07)
- RE: Telnetd exploit for solaris Dom De Vitto (Sep 07)
- Re: Telnetd exploit for solaris Stanley G. Bubrouski (Sep 06)
- Re: Telnetd exploit for solaris Kaneda Akira (Sep 07)
- Re: Telnetd exploit for solaris Cory McIntire (Sep 07)
- Re: Telnetd exploit for solaris H D Moore (Sep 07)
- Re: Telnetd exploit for solaris fintler (Sep 05)
- Re: Telnetd exploit for solaris James Puckett (Sep 07)
- Re: Telnetd exploit for solaris Joseph Mallett (Sep 07)