Bugtraq: Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)

From: spaf () CS PURDUE EDU (Gene Spafford)
Date: Sat, 11 Jul 1998 19:18:17 -0500


Well, not to detract from Mudge's reputation, but there were several
exploits published in 90-92 dealing with dropping into the console
monitor/debugger on Suns and poking at various things in memory.  This
is hardly new.

This is also how you can steal Kerberos tickets and passwords, PGP
keys, and other assorted goodies if you have physical access to a
machine someone is using remotely.

And this isn't new to anyone who ever poked around in memory on an old
PDP machine, or an old DG or Prime box, or....

I'll let you draw your own conclusions from this story.   I will note
that there is a reason Sun monitors have those security settings, and
why the documentation suggests setting them.

--spaf

By Date By Thread

Current thread:

port 0 scanning, (continued)
- port 0 scanning Lamont Granquist (Jul 08)
  - Re: port 0 scanning Lamont Granquist (Jul 09)
    - Regarding Mudge's OBP/FORTH root hack (PHRACK53) Jericho Nunn (Jul 10)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) John W. Temples (Jul 11)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Casper Dik (Jul 13)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Gene Spafford (Jul 11)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Mike Scher (Jul 11)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Casper Dik (Jul 13)
    - [FWD] Attention: Please update your imapd Raj Singh (Jul 13)
    - Re: port 0 scanning Dagmar d'Surreal (Jul 10)