On Tue, 9 Oct 2001, Nelson Brito wrote: > I didn't remember this issue on BUGTRAQ, but I can't point it out that > this is OLD-NEWS in the wild. Try e.g. this one: http://security-archive.merton.ox.ac.uk/bugtraq-199804/0177.html > If you want read the ADM Crew's original issue, take a look at: > http://packetstorm.decepticons.org/groups/ADM/sploits/ADMesc Well, they missed some other possibilities... Also, I believe it makes any sense to exploit such vulnerabilities by hostile servers via network clients (telnet, ssh, nc, ftp, lynx, anything that might dump server-side responses to local console) or mail clients... -- _____________________________________________________ Michal Zalewski [lcamtufat_private] [security] [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};: =-=> Did you know that clones never use mirrors? <=-= http://lcamtuf.coredump.cx/photo/
This archive was generated by hypermail 2b30 : Sun Dec 09 2001 - 10:22:04 PST