lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: deigodude at aol.com (Deigo Dude)
Subject: Automated ssh scanning

Maybe running this test again, and this time removing the setuid bit 
from any programs that don't really need it. Then youd have a smaller 
attack vector (the few setuid binaries that are left, and the kernel, 
since we know it isn't an ssh exploit and you said that was the only 
service you were running.)


dufresne@...ternet.com wrote:

>On Thu, 26 Aug 2004, Todd Towles wrote:
>
>  
>
>>Hey Ron,
>>
>>Guest isn't a admin so they let the tool get in. But the real questions
>>is, how does it get root access on a fully patched server? It appears to
>>use a local exploit to gain root access. This is a problem.
>>
>>    
>>
>
>The better question to ask is;  on a fully  patched *nix system, which
>apps are not exploitable to gain elivated privledge.  KDE, GNOME, other X
>apps are prime targets, as well as things like vi, jed, etc.  The smaller
>number on a fully installed system is going to be those apps that have
>either been audited to the point all overflows have been fixed.
>
>Now, how they gained root is likely in the logs or .history files, if they
>have not been removed or truncated in the exploitation.  System forensics
>is the key to trying to track this down on the server i question and is a
>whole area unto itself in systems security.
>
>Thanks,
>
>Ron Dufresne
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>"Cutting the space budget really restores my faith in humanity.  It
>eliminates dreams, goals, and ideals and lets us get straight to the
>business of hate, debauchery, and self-annihilation." -- Johnny Hart
>    ***testing, only testing, and damn good at it too!***
>
>OK, so you're a Ph.D.  Just don't touch anything.
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>  
>


Powered by blists - more mailing lists