Re: rpc.nfsd exploit code

From: Rogier Wolff (R.E.Wolffat_private)
Date: Fri Nov 12 1999 - 15:16:39 PST

Next message: Aleph One: "Microsoft Security Bulletin (MS99-049)"

Previous message: Tellier, Brock: "Oracle 8 root exploit"
Maybe in reply to: Mariusz Marcinkiewicz: "rpc.nfsd exploit code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mariusz Marcinkiewicz wrote:
>
> Hi
>
> On Thu, 11 Nov 1999, Crispin Cowan wrote:
>
> > We were unable to get this sploit to actually produce a root shell on an
> > unprotected nfsd.
>
> Sorry, this version of exploit wasn't tested well. Maybe it doesn't work
> in some cases.

Maybe. My experience is that when I send a working exploit to about 20
linux users who volunteered to test these things, I get about a 50/50
'Whoa that gave me a root shell in a second' versus 'Nope, we're safe:
this doesn't work on .....'

The "bad" guys have the time and take the trouble to tune an exploit
till it works. The "good" guys don't have the time. It's best to take
"there is an exploit" or "this is the exploit" at face value and
upgrade. Really.

				Roger.

--
** R.E.Wolffat_private ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
 "I didn't say it was your fault. I said I was going to blame it on you."

Next message: Aleph One: "Microsoft Security Bulletin (MS99-049)"
Previous message: Tellier, Brock: "Oracle 8 root exploit"
Maybe in reply to: Mariusz Marcinkiewicz: "rpc.nfsd exploit code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:12:06 PDT