Re: DebPloit (exploit)

From: Florian Weimer (Weimerat_private-Stuttgart.DE)
Date: Tue Mar 26 2002 - 03:50:33 PST

Next message: martin f krafft: "Re: DoS in debian (potato) proftpd"

Previous message: Florian Hobelsberger / BlueScreen: "[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability"
In reply to: Mike Tone: "Fwd: DebPloit (exploit)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For our own use, we have rewritten DPfix in Ada so that we have
complete source code for this tool.  (DPfix by Radim "EliCZ" Picha
changes the erratic ACL so that it allows access for SYSTEM only.)  As
of now, we have not encountered any side effects in our setup.

Our tool is slightly more general (you have to pass the process and
object name on the command line), and it does not require any user
interaction, so it is suitable for startup scripts.

Further information, full Ada source code, and a precompiled binary is
available at:

   http://CERT.Uni-Stuttgart.DE/people/fw/tools/chsystem/

-- 
Florian Weimer 	                  Weimerat_private-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

Next message: martin f krafft: "Re: DoS in debian (potato) proftpd"
Previous message: Florian Hobelsberger / BlueScreen: "[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability"
In reply to: Mike Tone: "Fwd: DebPloit (exploit)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Mar 27 2002 - 14:35:25 PST