local:
restore
suidperl !
glibc !
traceroute !
syslog format string bugs
remote:
rpc.statd -> statdx
wuftpd -> wuftpd-god.c !
GNORBA unreleased
xfs
Or type "redhat 6.2" in a search engine. ;)
Riley Hassell
Network Security Consultant
riley_at_speakeasy.org
On Tue, 7 Nov 2000, Dunker, Noah wrote:
> Stock Red Hat 6.2 with no patches?
>
> I've had some luck with the following:
>
> The Dump and Restore vulnerabilities (local):
> http://packetstorm.securify.com/0011-exploits/dump.sh
>
> The SUIDPERL / Mailx mess (local):
> http://packetstorm.securify.com/0008-exploits/suidperlhack.pl
>
> The rpc.statd REMOTE ROOT:
> (url not available, I have the source though.) I think it
> was called "statdx2.c" and it was on www.hack.co.za, which is
> down right now. Maybe find an up-to-date mirror, if exists?
>
> these are all lame script-kiddie exploits that
> are still actively being used. Anyone who keeps up on
> their patches will have fixed all of these.
>
> --Noah dunker
>
>
>
> -----Original Message-----
> From: Adassovsky Michel [mailto:manahune_at_YAHOO.COM]
> Sent: Tuesday, November 07, 2000 1:42 PM
> To: PEN-TEST_at_SECURITYFOCUS.COM
> Subject: Linux
>
>
> Hello,
>
> I am doing a penetration test for a customer of us.
> I have obtained user acces on a RedHat 6.2 box.
> Can someone tell me how can I now gain root access, or
> if you know any links giving exploits to gain root
> acces...
>
> Thank you
>
>
> Michel - FRANCE
>
> __________________________________________________
> Do You Yahoo!?
> Thousands of Stores. Millions of Products. All in one Place.
> http://shopping.yahoo.com/
>
Received on Nov 09 2000
Intro
