Security Incidents mailing list archives
Re: Anybody recognize this Solaris compromise?
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Wed, 18 Apr 2007 17:08:26 +0100
On 18/04/07, jwmeritt () aol com <jwmeritt () aol com> wrote:
> 'a' telnetd vulnerability, not 'the' vulnerability.
>
> James W. Meritt CISSP, CISA, NSA IAM, PMP

Matt said "if you were compromised by the telnetd vulnerability Jamie linked to". I linked to a specific vulnerability (incorrect sanitisation of the USER environment variable apparently), hence 'the' is appropriate.

There have of course been other telnetd vulnerabilities in the past, going back at least as far as 1991. (e.g. http://www.cert.org/advisories/CA-1991-02.html, http://www.cert.org/advisories/CA-2001-21.html)

cheers,
Jamie
--
Jamie Riden, CISSP / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/