[olug] remote root heads up on Redhat
Phil Brutsche
phil at fury.brutsche.org
Wed Sep 27 05:06:25 UTC 2000
A long time ago, in a galaxy far, far way, someone said...
> Be aware there's been plenty of discussion of bugtraq lately about "string
> format" remote root exploits. If you're running rpc.statd (sunrpc) or wu-ftpd,
> you may want to investigate. I know of one very experienced Redhat person with
> much security experience that very recently had a very serious problem that
> could possibly be related. Seems the exploit could be more general, and not
> particular to just the aforementioned daemons.
It is most definitely a general problem, and part of a programming
technique. Earlier today ISC's dhcp server software and the LPRng lpd
server software (ie the one used in the recently released RedHat 7) were
revealed to be vunlerable tothe format string bugs. IIRC the recent set
of syslog updates were also format string- related.
We're going to be seeing stuff like this for a while yet.
Thank god for firewalls.
--
----------------------------------------------------------------------
Phil Brutsche pbrutsch at creighton.edu
"There are two things that are infinite; Human stupidity and the universe.
And I'm not sure about the universe." - Albert Einstein
---------------------------------------------------------------------
To unsubscribe, e-mail: olug-unsubscribe at bstc.net
For additional commands, e-mail: olug-help at bstc.net
More information about the OLUG
mailing list