Nu prea inteleg. Intr-o bucata a e-mailului scrie "ABfrag - Linux Kernel ( <= 2.4.20pre20 ) Remote Syncing exploit" iar in alta "affects the TCP/IP stack on *BSD systems". Cred ca ar fi printre primele exploit-uri din lume care sa afecteze tcp/ip stack-ul din ambele kernele. heh :/ Deci este pentru linux sau pentru *bsd?
On Fri, Oct 18, 2002 at 12:46:17AM +0300, Alexandru Balan wrote: > > Daca are cineva o sursa ceva mai reliable e rugat sa se pronunte.. > sounds pretty scary > > stripped from bugtraq: > > -- start here -- > > > Greetings. > Today I had a rather strange experiance. At about 4:30 pm GMT my > IDS began reporting strange TCP behaviour on my network segment. As I > was unable to verify the cause of this behaviour I was forced to remove > the Linux box that I use a border gateway and traffic monitor - at no > small > cost to my organization - the network is yet to be reconnected. > After a reboot and preliminary analysis I found the binary ABfrag > sitting > in /tmp. It had only been created minutes before. > Setting up a small sandbox I ran the program and was presented with the > following > output: > > > ---------------------------------------------------------------------------- > > ABfrag - Linux Kernel ( <= 2.4.20pre20 ) Remote Syncing exploit > > Found and coded by Ac1db1tch3z - t3kn10n, n0n3 and t3kn0h03. > > WARNING: > Unlicensed usage and/or distribution of this program carries heavy fines > and penalties under American, British, European and International > copyright > law. > Should you find this program on any compromised system we urge you to > delete > this binary rather than attempt distribution or analysis. Such actions > would > be both unlawful and unwise. > > -- end here -- > > -- start here -- > > On Sun, Sep 22, 2002 at 03:51:54PM +0300, > [EMAIL PROTECTED] wrote: > > Hello, > > > > First of all this is hear-say, but being from a > reliable source (imho), > > here it is: > > > > There supposedly is an exploit named ABFrag.c in the > wild that affects the > > TCP/IP stack on *BSD systems, providing remote root > shell to the attacker. > > -- end here -- > > > -- > The Virgin BOFH > Linux Registered User #288905 > > __________________________________________________________ > Send 'unsubscribe rofug' to [EMAIL PROTECTED] to unsubscribe > -- | Radu Bogdan Rusu | [EMAIL PROTECTED] | | Network System Administrator @ campus.utcluj.ro | | Faculty of Automation and Computer Science | | Technical University of Cluj-Napoca, Romania | |-----------------------------------------------------------| __________________________________________________________ Send 'unsubscribe rofug' to [EMAIL PROTECTED] to unsubscribe
