mailing list archives
Re: [PEN-TEST] Linux
From: Riley Hassell <riley () SPEAKEASY NET>
Date: Tue, 7 Nov 2000 18:56:27 -0800
syslog format string bugs
rpc.statd -> statdx
wuftpd -> wuftpd-god.c !
Or type "redhat 6.2" in a search engine. ;)
Network Security Consultant
riley () speakeasy org
On Tue, 7 Nov 2000, Dunker, Noah wrote:
Stock Red Hat 6.2 with no patches?
I've had some luck with the following:
The Dump and Restore vulnerabilities (local):
The SUIDPERL / Mailx mess (local):
The rpc.statd REMOTE ROOT:
(url not available, I have the source though.) I think it
was called "statdx2.c" and it was on www.hack.co.za, which is
down right now. Maybe find an up-to-date mirror, if exists?
these are all lame script-kiddie exploits that
are still actively being used. Anyone who keeps up on
their patches will have fixed all of these.
From: Adassovsky Michel [mailto:manahune () YAHOO COM]
Sent: Tuesday, November 07, 2000 1:42 PM
To: PEN-TEST () SECURITYFOCUS COM
I am doing a penetration test for a customer of us.
I have obtained user acces on a RedHat 6.2 box.
Can someone tell me how can I now gain root access, or
if you know any links giving exploits to gain root
Michel - FRANCE
Do You Yahoo!?
Thousands of Stores. Millions of Products. All in one Place.