Re: telnetd exploit code

From: aleph1@securityfocus.com
Date: 07/24/01

• Previous message: Sebastian: "Re: telnetd exploit code"
• In reply to: Sebastian: "Re: telnetd exploit code"
• Next in thread: Aaron Silver: "Re: telnetd exploit code"
• Next in thread: Josh Brandt: "Re: telnetd exploit code"
• Reply: Aaron Silver: "Re: telnetd exploit code"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 24 Jul 2001 12:23:18 -0600
From: aleph1@securityfocus.com
To: Sebastian <scut@nb.in-berlin.de>
Subject: Re: telnetd exploit code
Message-ID: <20010724122318.W21994@securityfocus.com>

* Sebastian (scut@nb.in-berlin.de) [010724 09:38]:
> I do not know who let this posting through, but I think something went
> seriously wrong here.
>
> What do the mailing list administrators do here, letting a confidential
> source code with full copyright and confidentiality header intact through a
> public mailing list. The Bugtraq mailing list was especially noted as
> example even in the header, which should not be allowed to disclose this.
>
> Although a lot of Bugtraq readers might not agree with me here, I think
> there is a right under which I can deny the disclosure of this source code.
> Call it privacy, call it copyright, I do not care about its name.

Sebastian is correct. It was an error to approve the message given he
clearly stated in the comments he did not wish it distributed. For
that I apologize.

That being said, it been quite obvious that for a while now that this
exploit is being shared in the underground and has been used actively
to break into systems. Better control of exploits one does not wish
to see distributed may be called for.

> Oh, and another odd thing, there is no X-Approved-By: this time in the
> post, I wonder why. Do you know ?

The X-Approved-By header was inserted by LISTSERV. We been using ezmlm,
which does not insert the header, for a while now.

> ciao,
> -scut

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

---

• Previous message: Sebastian: "Re: telnetd exploit code"
• In reply to: Sebastian: "Re: telnetd exploit code"
• Next in thread: Aaron Silver: "Re: telnetd exploit code"
• Next in thread: Josh Brandt: "Re: telnetd exploit code"
• Reply: Aaron Silver: "Re: telnetd exploit code"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: telnetd exploit code ... First of all let me say that I don't know Sebastian or his motivations, so I am not infering anything here, simply that this brought up a point that is now itching my head a lot. ... >> example even in the header, which should not be allowed to disclose this. ... >> there is a right under which I can deny the disclosure of this source code. ... (Bugtraq) Re: Function prefix comments in C files ... > function prototype in a header .h file. ... I work for a large organization where as 10 or so programmers might ... directory at the source code to find information about how to call a ... (comp.arch.embedded) Re: insert dialog ... > 3 Use wizard to Create new class CSecondDialog, ... > //create the second dialog window ... > source code in the #include area with others, ... > 6 Include the header for the main FIRST dialog in the Seconddlg.cpp source ... (microsoft.public.vc.mfc) Re: header files including other files ... Really I guess I am asking advice about source code organisation. ... Now, in any particular module, the module header file declares exported ... (comp.arch.embedded) Re: Defining variable in C header file related doubt ... I saw a program source code in which a variable is defined in a header ... possible.I thought it will throw "Variable redefinition Error". ... (comp.lang.c)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2001-07