Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

2001-01-09 Thread bjoern.engels
I tried the exploit on a SuSE 7.0 host, if root starts ping/traceroute..., the /etc/shadow file is being shown, if a normal user exports RESOLV_HOST_CONF, nothing unusual happens: bj@spock:~ ls -l /bin/ping -rwsr-xr-x 1 root root 23k Okt 4 12:37 /bin/ping bj@spock:~ ldd

Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

2001-01-09 Thread Carlos Carvalho
Julian Gilbey ([EMAIL PROTECTED]) wrote on 9 January 2001 11:08: Most weird. I get this behaviour when running through a setuid root strace, but I don't get the error messages (and hence the content of /etc/shadow) when I don't use strace. I'm still running potato. You can't strace a suid

rpc.statd attack?

2001-01-09 Thread crusius
I got the following (alarming) messages on syslog: Jan 8 13:34:23 yuban syslogd: Cannot glue message parts together Jan 8 13:34:23 yuban /sbin/rpc.statd[159]: gethostbyname error for ^X\xf7\xff\xbf^X\xf7\xff\xbf^Y\xf7\

Re: rpc.statd attack?

2001-01-09 Thread Tim Haynes
[EMAIL PROTECTED] writes: I got the following (alarming) messages on syslog: Jan 8 13:34:23 yuban syslogd: Cannot glue message parts together Jan 8 13:34:23 yuban /sbin/rpc.statd[159]: gethostbyname error for ^X\xf7\xff\xbf^X\xf7[snip] Jan 8 13:34:23 yuban

Re: rpc.statd attack?

2001-01-09 Thread Wichert Akkerman
Previously [EMAIL PROTECTED] wrote: I got the following (alarming) messages on syslog: This is becoming a FAQ.. it's a failed crack attempt. Wichert. -- / Generally uninteresting signature - ignore at your convenience \ |

Re: rpc.statd attack?

2001-01-09 Thread JonesMB
I got the following (alarming) messages on syslog: This is becoming a FAQ.. it's a failed crack attempt. I got the same attempt on Sunday. This is what I found out about it: "The rpc.statd program passes user-supplied data to the syslog() function as a format string. If there is no input

Re: rpc.statd attack?

2001-01-09 Thread Jason E. Murray
This is just a comment based on all the emails that I have been seeing here (not that I read them all, but...). In theory if you are going to leave your system setup on a public network, then you should really be filtering ALL connections to the box and ONLY ONLY ONLY allowing the services that

Re: rpc.statd attack?

2001-01-09 Thread Daniel Jacobowitz
On Tue, Jan 09, 2001 at 12:31:59PM -0800, [EMAIL PROTECTED] wrote: I got the following (alarming) messages on syslog: Jan 8 13:34:23 yuban syslogd: Cannot glue message parts together Jan 8 13:34:23 yuban /sbin/rpc.statd[159]: gethostbyname error for

Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

2001-01-09 Thread Julian Gilbey
On Mon, Jan 08, 2001 at 05:57:23PM +, thomas lakofski wrote: Since I've not had any response yet, I thought I'd give a demonstration of how nasty this is: Script started on Mon Jan 8 17:48:23 2001 [EMAIL PROTECTED]:~$ export RESOLV_HOST_CONF=/etc/shadow [EMAIL PROTECTED]:~$ ping

Re: rpc.statd attack?

2001-01-09 Thread John Galt
I filed a bug against hostname for this behavior. Perhaps I should refile it against libc6... Doogie, if you're reading this and you beat me to the punch, go for it... On Tue, 9 Jan 2001 [EMAIL PROTECTED] wrote: I got the following (alarming) messages on syslog: Jan 8 13:34:23 yuban