[Noisebridge-discuss] more bh/dc-ish waiting

Ian ian at slumbrparty.com
Tue Jul 7 23:03:52 UTC 2009


you could do it. but would have to have local access. i mean, it's
possible to do it remotely with this exploit, but you have to get
lucky with knowing pointer addresses

On Tue, Jul 7, 2009 at 3:34 PM, d p chang<weasel at meer.net> wrote:
> Ian <ian at slumbrparty.com> writes:
>
>> it could be this one. i'm just guessing.
>>
>> http://www.securityfocus.com/bid/32319/info
>
> hmmm... that's an information leak (although updated recently). maybe
> i'm not 'security guy' enough, but i think that means that ssh was
> 'giving away' information going over an already setup connection.
>
> the little log in the sans thing made it look like a remote access/hole
>
>  anti-sec:~/pwn/xpl# ./0pen0wn -h xx.yy.143.133 -p 22
> ... deletia ...
>  sh-3.2# id
>  uid=0(root) gid=0(root)
>  groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
>
> which is what piqued my curiosity (although probably not all of
> discuss's).
>
> \p
> ---
> Wit lies in recognising the resemblance among things which differ and
> the difference between things which are alike. - Madame de Staël
>


