On Tue, Feb 01, 2005 at 03:53:50PM -0800, John H. Robinson, IV wrote:
> Lan Barnes wrote:
> >
> > >
> > > That shellcode then fires off whatever the attacker wants. Ofttimes an
> > > identd that will spawn telnetd or something of the like. The attacker
> > > can then log in whenever he wants, as root.
> > >
> >
> > ???? A script belonging to apache (at best) fires off inetd? I would be
> > quite surprised.
>
> Why not? Write your own inetd.conf, but allocate no ports < 1024. Run
> your own telnetd on an oddball port. I tend to like 3030 :)
>
> You are thinking apache exploits. I am thinking exploits in general.
>
> Okay, let's say we have a vulnerable service that allows a remote user to
> run arbitrary commands (shellcode). We have a *local* service, maybe
> sendmail, that has a root escalation. You use that remote command
> execution to run the shellcode that triggers the root escalation. You now
> have remote root.
>

In your example, sendmail is the locus of the vulnerability.

-- 
Lan Barnes
Linux Guy, SCM Specialist 858-354-0616
