lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed May 11 21:57:28 2005
From: mailinglists at vanscherpenseel.nl (Vincent van Scherpenseel)
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : chroot
	A	known exploit can break a chroot prison.

On Wednesday 11 May 2005 20:44, KF (lists) wrote:
> Anyone ever wonder why all their security advisories come out for known
> issues two years after they have been found?
>
> Anyone ever wonder why they STILL use a vulnerble version of wu ftpd on
> one of their main servers?
>
> Connected to ftpput.sco.com.
> 220 artemis FTP server (Version 2.1WU(1)) ready.
> Name (ftpput.sco.com:doucheknob):
>
> Move along... nothing to see here but a decrepid OS that no one cares
> about.
> -KF

Keep in mind that you shouldn't fully rely on service banners. These are 
easily faked to keep the script kiddies away. I know, that's security through 
obscurity, but not the whole world is Full Disclosure.

 - Vincent van Scherpenseel

-- 
http://vincent.vanscherpenseel.nl/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ