Mailing List Archive
Support open source code!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[tlug] OpenBSD local exploit
- To: tlug@example.com
- Subject: [tlug] OpenBSD local exploit
- From: Matt Doughty <mdoughty@example.com>
- Date: Fri, 12 Apr 2002 09:40:15 +0900
- Content-disposition: inline
- Content-transfer-encoding: 7bit
- Content-type: text/plain; charset=us-ascii
- In-reply-to: <20020411205342.GA293%j-morgan@example.com>; from j-morgan@example.com on Thu, Apr 11, 2002 at 08:53:42PM +0000
- Mail-followup-to: Matt Doughty <mdoughty@example.com>, tlug@example.com
- References: <200204110847.g3B8lb714329@example.com> <20020411181753.B29344@example.com> <20020411205342.GA293%j-morgan@example.com>
- User-agent: Mutt/1.2.4i-jp0
Well it looks like good ol' self proclaimed 'most secure *nix ever' OpenBSD has a local root vulnerability that is in the wild. Aparently, mail accepts escapes sequences in non-interactive mode. As a result it can be exploited via the daily cron jobs that use mail to send reports. Anyone our there that is running Open better have a look see for a patch. It seems an exploit is already in the wild. --Matt -- "Take away them collisions and the common channel and it's like Christianity without Christ." -Jim Breen (speaking about "full-duplex" Ethernet)
- Follow-Ups:
- Re: [tlug] OpenBSD local exploit
- From: ayako kato
- Re: [tlug] OpenBSD local exploit
- From: Christopher SEKIYA
- Re: [tlug] OpenBSD local exploit
- References:
- Re: [tlug] Honeypots
- From: Christopher SEKIYA
- Re: [tlug] Honeypots
- From: Matt Doughty
- Re: [tlug] Honeypots
- From: Jack Morgan
- Re: [tlug] Honeypots
- Prev by Date: Re: [tlug] sed and awk
- Next by Date: [tlug] http://tlug.gr.jp/members/index.html
- Previous by thread: Re: [tlug] Honeypots
- Next by thread: Re: [tlug] OpenBSD local exploit
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |