Re: Telnetd exploit for solaris

From: sa7ori (sa7oriat_private)
Date: Thu Sep 06 2001 - 17:29:03 PDT

Next message: Enrique A. Compañ Gzz.: "Small win32 shellcode demo"

Previous message: sa7ori: "Re: coding (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
In reply to: sween: "Re: Telnetd exploit for solaris"
Next in thread: Joseph Spears: "RE: Telnetd exploit for solaris"
Next in thread: Stanley G. Bubrouski: "Re: Telnetd exploit for solaris"
Next in thread: Robert A. Seace: "Re: Telnetd exploit for solaris"
Reply: Joseph Spears: "RE: Telnetd exploit for solaris"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I was anticipating the flurry of flames that would follow the original
post. Unfortunately, the original question, and the response posts are
perfect embodiments of the follies of this industry. While we want to
discourage "script kiddie" like behavior, perhaps this individual is
looking for this exploit for genuinely inquisitive reasons. If you are an
admin, sure you can patch and be done with it, but with something like
telnetd the possibility of MULTIPLE overflows in client/server
negotiation are VERY possible (the recent BSD telnetd is a PERFECT example
of this). Even a "script kiddie" disabled exploit can give a competent C
coder a leg up, and cut down on the hours otherwise spent auditing the
daemon. Additionally, with regard to this request, I think it is safe to
assume that this guy doesnt speak english as his first language, and thus
doesnt know the pleasantries envolved with asking about such a delicate
topic, let alone reading an advisory written entirely in english! I know
the "script kiddiez", "incompitent security leeches", and
the "angry antisec folk" are all at each others throats, but in the
interest of remaining civilized, lets just pause and reflect befor we
lunge at each other...

On Thu, 6 Sep 2001, sween wrote:

>
> On Wed, 5 Sep 2001, fintler wrote:
> > Now why would you possible want something like that...if you were an
>
> sooooo you can drive an industry and root somebody's solaris machine and
> prove to SOMEONE's company that this computer security bullshit isn't just
> a fad and that are not wasting 60K a year for a "security" expert to hover
> over security focus mailing lists and apply patches to expensive operating
> systems that were shipped broken in the first place.
>
> this industry needs an old fashioned ass whoopin.
>
> You owe script kiddies... BIG TIME.
>
> GET OFF MY LIST.
>
> >
> > --- Labkonto <ppht-15at_private> wrote:
> > > Anyone here that developed an exploit
> > > for the Telnetd buffer overflow on solaris,
> > > or know where to get one?
> > >
> > >
> > > // pp
> > >
> >
>
> admin, you'd just patch your
> > box and forget it. I can only assume you're trying to get into someone elses box, what makes you
> > think I'm going to give you a script so you can get someone fired from their job because you felt
> > like being an 3r3ct skr1pt k1ddi3.
> >
> > -fintler <fintlerat_private>
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
> > http://im.yahoo.com
> >
> >
>
>
> --
>
> sween
> -script kiddie-
>
>
>

Next message: Enrique A. Compañ Gzz.: "Small win32 shellcode demo"
Previous message: sa7ori: "Re: coding (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
In reply to: sween: "Re: Telnetd exploit for solaris"
Next in thread: Joseph Spears: "RE: Telnetd exploit for solaris"
Next in thread: Stanley G. Bubrouski: "Re: Telnetd exploit for solaris"
Next in thread: Robert A. Seace: "Re: Telnetd exploit for solaris"
Reply: Joseph Spears: "RE: Telnetd exploit for solaris"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 06 2001 - 23:02:15 PDT