lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Sep 2004 15:41:53 -0700 From: Matt Zimmerman <mdz@...ian.org> To: bugtraq@...urityfocus.com Subject: Re: Debian netkit telnetd vulnerability On Tue, Sep 21, 2004 at 03:11:49AM +0400, Solar Designer wrote: > On Sat, Sep 18, 2004 at 09:57:19PM +0200, Michal Zalewski wrote: > > Exposure: > > > > Remote root compromise through buffer handling flaws > > FWIW, some (two?) distributions have privsep'ed telnetd by now, where > the immediate impact of this flaw (if it were present there) would be > code execution as pseudo-user "telnetd" chrooted to /var/empty. (*) Debian's telnetd runs as user telnetd, though it does not chroot to /var/empty. -- - mdz
Powered by blists - more mailing lists