Vulnerability Development mailing list archives

Kodak Color Management System


From: Flynnh () MONT DISA MIL (Flynn, Harold M. III)
Date: Thu, 2 Mar 2000 03:01:24 -0000


KCMS on Sun.  I've been a little suspicious of it for a while now, but I
haven't really had the opportunity to play with it due to time constraints
and firefighting.  However, I'd like to point a few things out about it that
really raise my eyebrows.

First of all, it's interesting that it's remotely accessible (although not
by default).  It's an rpc service, and listed in /etc/inetd.conf although
commented out by default.  Looking in /usr/openwin/bin, I found this
interesting:

-rwsr-sr-x   1 root     bin        94184 Apr  1  1999 kcms_calibrate
-rwsr-sr-x   1 root     bin        23360 Apr  1  1999 kcms_configure
-rwxr-xr-x   1 root     bin        24380 Jul  9  1998 kcms_server

I'll play with it when I get time.  Yeah.  Right.  Somebody interested in
looking at it?

Hal

Hal Flynn, ICS Inc.     Senior Systems Analyst
Defense    Information  Systems   Agency
flynnh () mont disa mil    Commercial: 334-416-3233
DSN: 596-3233
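
The two observations in the post above (setuid/setgid root binaries in /usr/openwin/bin, and an inetd.conf entry that is commented out by default) can be checked with a short audit script. This is an added example, not part of the original post; the function names are hypothetical, and the inetd.conf sample lines are constructed with PROGNUM as a placeholder for the RPC program number.

```shell
#!/bin/sh
# Added example: audit helpers for the two observations in the post.

# Read `ls -l` output on stdin and print the names of root-owned entries
# whose mode string carries the setuid or setgid bit.
flag_setid_root() {
    awk '$3 == "root" {
        suid = substr($1, 4, 1)   # owner execute slot: s or S means setuid
        sgid = substr($1, 7, 1)   # group execute slot: s or S means setgid
        if (suid ~ /[sS]/ || sgid ~ /[sS]/) print $NF
    }'
}

# Read inetd.conf text on stdin; return 0 if an uncommented line
# references kcms_server (service enabled), 1 otherwise.
kcms_enabled() {
    grep -v '^[[:space:]]*#' | grep -q 'kcms_server'
}

# Listing quoted in the post.
LISTING='-rwsr-sr-x   1 root     bin        94184 Apr  1  1999 kcms_calibrate
-rwsr-sr-x   1 root     bin        23360 Apr  1  1999 kcms_configure
-rwxr-xr-x   1 root     bin        24380 Jul  9  1998 kcms_server'

# Constructed inetd.conf lines; PROGNUM is a placeholder, not a real value.
INETD_OFF='#PROGNUM/1 tli rpc/tcp wait root /usr/openwin/bin/kcms_server kcms_server'
INETD_ON='PROGNUM/1 tli rpc/tcp wait root /usr/openwin/bin/kcms_server kcms_server'

echo "setuid/setgid root binaries:"
printf '%s\n' "$LISTING" | flag_setid_root

for conf in "$INETD_OFF" "$INETD_ON"; do
    if printf '%s\n' "$conf" | kcms_enabled; then
        echo "kcms_server ENABLED in: $conf"
    else
        echo "kcms_server disabled in: $conf"
    fi
done
```

On a live host the same functions take real input: `ls -l /usr/openwin/bin | flag_setid_root` and `kcms_enabled < /etc/inetd.conf`.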

