Bugtraq mailing list archives
Re: Livingston bugs...
From: phil () netdoor com (Phillip Moore)
Date: Tue, 12 Sep 1995 15:47:33 -0500
On Tue, 12 Sep 1995, Jay 'Whip' Grizzard wrote:
I saw the "pmcrash" program, but I never saw the commentary on it that was supposedly sent before the exploit was sent. Anyone know the details of how it works? (other than the obvious explenation provided by reading the source...)
It was simply to telnet to the portmaster and send the break character. This would cause the PM to reboot.
I, personally, can't understand such a passive attitude on the part of Livingston -- I personally would call a bug where you can crash virtually anyone's network connection, from virtually anywhere in the world, to be a major bug. Maybe it's just me...
I am on the portmasters mailing list as well, and a representative from Livingston said he "considered it a feature and not a bug". I find this hard to believe too, and have been complaining about it to all those around me for several days!
ObBugTraq: Apparently (at least, under limited testing), putting up a filter to prevent folks from getting to your login port from the outside world will protect you -- Except I don't _want_ to have to start filtering things out, and in some circuimstances (backbone routers, etc), it's not exactly a viable option. Do YOU want to have the bandwith of several T1's all running through a filter before they get off the router? No, thanks...
Another solution is to change the telnet port for the PM. Its not a permanent solution, but it would stop those would-be crackers that just try to telnet to the PM, not knowing the correct port number. Phillip Moore office: 601.952.1570 Internet Doorway, Inc. fax : 601.952.1573 Systems Administrator www : http://www.netdoor.com/
Current thread:
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995, (continued)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Tim Scanlon (Sep 02)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Slava Kritov (Sep 05)
- Discovery: Gain access to root on Linux via NIS Ken Weaverling (Sep 05)
- Re: Discovery: Gain access to root on Linux via NIS Alan Hannan (Sep 07)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Neil Woods (Sep 04)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 System Administrator (Sep 11)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Neil Woods (Sep 12)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Karl Strickland (Sep 13)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 System Administrator (Sep 14)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 System Administrator (Sep 11)
- Livingston bugs... Jay 'Whip' Grizzard (Sep 12)
- Re: Livingston bugs... Phillip Moore (Sep 12)
- Re: Livingston bugs... Dave Andersen (Sep 12)
- Re: Livingston bugs... Mike A Lyons (Sep 12)
- LACC Julian Assange (Sep 13)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Tim Scanlon (Sep 02)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Charles Sumner (Sep 14)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Goetz von Escher (Sep 18)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Doug Hughes (Sep 18)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Scott Barman (Sep 18)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Karl Strickland (Sep 18)
- Netscape SSL implementation cracked! (fwd) sameer (Sep 18)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Paul Ashton (Sep 18)