Salut, On Mon, 2006-11-27 at 16:21 -0500, gabriel rosenkoetter wrote: > Nope, I'm wrong, just the literal string "`/sbin/halt`", which you > never exec.
Well, he does in the iptables command
> Mea culpa. Tavis's exploit doesn't so scary things, although he's
> right you should really be doing a bit more sanitization of (evil)
> user-supplied input, given that you're (insisting that you) run as
> root.
Another nice use of this vulnerability is of course the possibility to
blacklist arbitrary IPs (even better: if you have DNS for your local
names, or mDNS, you can e.g. blacklist the workstation of the admin so
he can't log in anymore)
Tonnerre
--
SyGroup GmbH
Tonnerre Lombard
Lösungen mit System
Tel:+41 61 333 80 33 Röschenzerstrasse 9
Fax:+41 61 383 14 67 4153 Reinach BL
Web:www.sygroup.ch [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
