Bugtraq mailing list archives
O/S holes
From: matt () apex ca (Matthew Harding)
Date: Thu, 19 Jan 95 16:44:19 EST
All this talk of sunOS 4.1.4 straight from the factory makes me start thinking... Is this how most hackers operate? With a list of known bugs for most major O/Ss and simply telnetting (or whathaveyou) to sites, check out the OS level, and look up that section in tha trusty hacker's guide? Working as onsite Sun support rep at a MAJOR company, I know how frustrating it is to have to try and deliver patches out to every single box out there... It would seem to me that as soon as bugs like this are found, you can predict with 100% certainty someone will get broken... BTW, to the person that mentioned you can't fool BIND server into using # as a hostname, isn't that assuming you are going through BIND itself? If we assume any talented hacker can craft their own UDP packets, then by definition this is a hole, right? I guess we have to split out security bugs into those usable by complete idiots, and those usable by packet- generating programs... Any comments, please send to my mailbox... thanks! Matthew Harding (matt () apex ca)
Current thread:
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Leo Bicknell (Jan 18)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION David Barr (Jan 18)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Doug Siebert (Jan 18)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Timothy Newsham (Jan 19)
- O/S holes Matthew Harding (Jan 19)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Doug Siebert (Jan 18)
- Attach on DES paper??? Robert Moskowitz (Jan 18)
- Re: Attach on DES paper??? Perry E. Metzger (Jan 19)
- Re: Attach on DES paper??? Alexander Haiut (Jan 19)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION Timothy Newsham (Jan 19)
- Re: Sol2.x Mouse EXPLOIT info - CORRECTION David Barr (Jan 18)