Home page logo

bugtraq logo Bugtraq mailing list archives

Re: DJB's students release 44 *nix software vulnerability advisories
From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Tue, 21 Dec 2004 14:59:15 -0500 (EST)

On Mon, 20 Dec 2004, Jonathan T Rockway wrote:

Regarding local versus remote, look at it this way:  You have a 100%
secure system.  Then you install NASM.  Now a user FROM THE NETWORK can
send you some tainted assembly code for you to assemble and he can
compromise your account.

That's nonsense.  If you have /bin/sh installed, I can send you a shell
script FROM THE NETWORK that will give me root access if you run it.
Therefore, every UNIX system on Earth has a remote hole, according to
your definition.

Now in regards to full disclosure, I think you should all be happy
that we bothered to tell you all about these exploits.  We could
have selfishly used them to compromise machines, but instead we
wrote them up and mailed them off to the users and the authors!

Could you have?  How, pray tell, would you compromise a machine with
the NASM exploit?  Even if you have a local account, the NASM exploit
lets you run arbitrary code as... yourself.  Big deal.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]