And if you are a graduate student in sociology, writing a paper on prostitution, does that mean you shoud approach a street walker with a proposal? I say NO! If you find a cop and solicit her, the 'writing a paper' story won't fly.... There is a proper etiquitte in finding information..... -----Original Message----- From: sa7ori [mailto:sa7oriat_private] Sent: Thursday, September 06, 2001 5:29 PM To: sween Cc: vuln-devat_private Subject: Re: Telnetd exploit for solaris I was anticipating the flurry of flames that would follow the original post. Unfortunately, the original question, and the response posts are perfect embodiments of the follies of this industry. While we want to discourage "script kiddie" like behavior, perhaps this individual is looking for this exploit for genuinely inquisitive reasons. If you are an admin, sure you can patch and be done with it, but with something like telnetd the possibility of MULTIPLE overflows in client/server negotiation are VERY possible (the recent BSD telnetd is a PERFECT example of this). Even a "script kiddie" disabled exploit can give a competent C coder a leg up, and cut down on the hours otherwise spent auditing the daemon. Additionally, with regard to this request, I think it is safe to assume that this guy doesnt speak english as his first language, and thus doesnt know the pleasantries envolved with asking about such a delicate topic, let alone reading an advisory written entirely in english! I know the "script kiddiez", "incompitent security leeches", and the "angry antisec folk" are all at each others throats, but in the interest of remaining civilized, lets just pause and reflect befor we lunge at each other... On Thu, 6 Sep 2001, sween wrote: > > On Wed, 5 Sep 2001, fintler wrote: > > Now why would you possible want something like that...if you were an > > sooooo you can drive an industry and root somebody's solaris machine and > prove to SOMEONE's company that this computer security bullshit isn't just > a fad and that are not wasting 60K a year for a "security" expert to hover > over security focus mailing lists and apply patches to expensive operating > systems that were shipped broken in the first place. > > this industry needs an old fashioned ass whoopin. > > You owe script kiddies... BIG TIME. > > GET OFF MY LIST. > > > > > --- Labkonto <ppht-15at_private> wrote: > > > Anyone here that developed an exploit > > > for the Telnetd buffer overflow on solaris, > > > or know where to get one? > > > > > > > > > // pp > > > > > > > admin, you'd just patch your > > box and forget it. I can only assume you're trying to get into someone elses box, what makes you > > think I'm going to give you a script so you can get someone fired from their job because you felt > > like being an 3r3ct skr1pt k1ddi3. > > > > -fintler <fintlerat_private> > > > > __________________________________________________ > > Do You Yahoo!? > > Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger > > http://im.yahoo.com > > > > > > > -- > > sween > -script kiddie- > > >
This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 10:17:31 PDT