[FUGSPBR] En: more info on the iosmash.c exploit

Flavio Alberto applein em tutopia.com.br
Qui Abr 25 10:18:58 BRT 2002 

----- Original Message -----
From: John Scimone <jscimone em cc.gatech.edu>
To: <bugtraq em securityfocus.com>
Cc: <vuln-dev em securityfocus.com>; <recon em snosoft.com>
Sent: Tuesday, April 23, 2002 5:23 PM
Subject: more info on the iosmash.c exploit


> Quer ter seu próprio endereço na Internet?
> Garanta já o seu e ainda ganhe cinco e-mails personalizados.
> DomíniosBOL - http://dominios.bol.com.br
>
>
>
>
>
> phased had some comments he wanted me to forward on to the lists in
> regards to his latest exploit.
>
> He says that skeys are used via all authentication methods... i.e telnet,
so
> someone could change the user to someone in the wheel group.  Haven't used
> skeys via ssh yet but I presume it works.  Root obviously can't just
telnet
> in by default but usually can ssh, but if the box being exploited contains
> people in the wheel group you can change the root user in the exploit to
any
> user to log in via skeys as that user.
>
> -sert-
>
> That file you've been guarding, isn't.
> -------------------------------------------------------------------
>       ______________________________
>      /   _____/\______   \__    ___/   | Secure Network Operations
>      \_____  \  |       _/ |    |      | http://www.snosoft.com
>      /        \ |    |   \ |    |      | recon em snosoft.com
>     /_______  / |____|_  / |____|      |
>             \/         \/              | Project Cerebrum
>     Strategic  Reconnaissance Team     | cerebrum em snosoft.com
>
> ---------- Forwarded message ----------
> Date: Wed, 24 Apr 2002 03:33:15 +0400
> From: James Green <phased em mail.ru>
> To: recon em snosoft.com
> Subject: the iosmash.c exploit
>
>
> in the comments i used su to gain root, someone needs to post to bugtraq
> that skeys is used via all auth methods, i.e. telnet so you could change
> the user to someone in wheel, havent used skeys via ssh but i presume it
>  works. root isnt allowed to telnet default but usually can ssh, but if
the
>  box has people in the wheel group you can change the root to any user in
the
>  exploit to log in via skeys as that user.  btw dont forward this post can
i
>  had some beers tonight heh :) put it in better english lol
>
> phased
> phased em snosoft.com
>
> -------------------------------------------------------
>
>

----
Para sair da lista envie um e-mail para majordomo em fugspbr.org
com as palavras "unsubscribe fugspbr" no corpo da mensagem.

Mais detalhes sobre a lista de discussão freebsd