Firosh Ummer wrote:

>Socket hijacking itself is not new - it has been cited in several sources
>on the net. What I find disturbing is how easy it is for an attacker to
>hijack a privileged connection and then insert privileged commands,
>running with very low privileges.

This is an old, old story. I remember reading many years ago about this kind of attack on NFS. (NFS runs on port 2049.) You're right that it's an issue, and I don't know of any perfect defense. But then, most Unices are frankly not very secure against local privilege elevation attacks, so I wouldn't rely too heavily on standard Unix distributions to prevent non-root users from getting root anyway. (Maybe I'm alone in that last sentiment.)