Bugtraq mailing list archives

Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)

From: spaf () CS PURDUE EDU (Gene Spafford)
Date: Sat, 11 Jul 1998 19:18:17 -0500


Well, not to detract from Mudge's reputation, but there were several
exploits published in 90-92 dealing with dropping into the console
monitor/debugger on Suns and poking at various things in memory.  This
is hardly new.

This is also how you can steal Kerberos tickets and passwords, PGP
keys, and other assorted goodies if you have physical access to a
machine someone is using remotely.

And this isn't new to anyone who ever poked around in memory on an old
PDP machine, or an old DG or Prime box, or....

I'll let you draw your own conclusions from this story.   I will note
that there is a reason Sun monitors have those security settings, and
why the documentation suggests setting them.

--spaf

Current thread:

Re: Linux kernel filesystem oddities, (continued)
- - - Re: Linux kernel filesystem oddities Jeffrey Hutzelman (Jul 09)
    - dslip package David Kopstain (Jul 09)
    - SLMail 3.0.2421 Stack Overflow... Aleph One (Jul 09)
- Re: SmurfLog 1.0 Solar Designer (Jul 06)
  - Re: SmurfLog 1.0 Bug Lord (Jul 10)
- port 0 scanning Lamont Granquist (Jul 08)
  - Re: port 0 scanning Lamont Granquist (Jul 09)
    - Regarding Mudge's OBP/FORTH root hack (PHRACK53) Jericho Nunn (Jul 10)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) John W. Temples (Jul 11)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Casper Dik (Jul 13)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Gene Spafford (Jul 11)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Mike Scher (Jul 11)
    - Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Casper Dik (Jul 13)
    - [FWD] Attention: Please update your imapd Raj Singh (Jul 13)
    - Re: port 0 scanning Dagmar d'Surreal (Jul 10)