-
September 20th, 2004, 01:48 AM
#1
ALERT: A Level 10 Exploit has been released.
This is an email i got from Dyagnosis (i think it's a members website here ) today !
Dear MemorY None,
ALERT: A Level 10 Exploit has been released.
Published: 19.09.04
Source: BUGTRAQ
Type: remote
Level: 10 - Remote root exploit on a major OS distribution.
Description: It's possible to overflow buffer with AYT telnet protocol command.
Affected products:
FREEBSD:FreeBSD 5.0
FREEBSD:FreeBSD 4.3
OPENBSD:OpenBSD 2.9
BSDI:BSD/OS 4.2
NETBSD:NetBSD 1.5
SGI:Irix 6.5
SUN:Solaris 2.8
LINUX:Linux netkit-telnetd 0.13
SCO:OpenServer 5.0
APPLE:MacOS X 10.0
DEBIANebian netkit-telnetd 0.17
More info, exploit and scanner HERE
The link in the message doesn't work, can anybody shed some more info on this ?
-
September 20th, 2004, 04:21 AM
#2
Its not listed on the bugtraq website at www.securityfocus.com as of right now
-
September 20th, 2004, 04:31 AM
#3
Where the **** is Windows OS?
Sorry but it was too easy! I'm tired to death and I see this huge title in my RSS Feed Program! I'm sure a mega exploit was release for last week jpg patch of M$ but I came to see Windows is unaffected! WOW! That a change, it's for Unix/Linux!
-
September 20th, 2004, 07:29 AM
#4
Wait so this doesnt affect windows? Wow thats a first i swear. LOL
Kryptonic
-
September 20th, 2004, 08:04 AM
#5
Well it doesn't affect windows, unless you install the netkit-telnetd on it
Not all linux distros come with this telnet daemon..
And who the **** has his telnet open to the world these days anyway..
Edit your /etc/inetd.conf and comment out the telnet part..
Restart your inetd...
And feel safe again..
Level 10 my ass..
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
September 20th, 2004, 08:17 AM
#6
the_Jinx, oh so very true, as always
-
September 20th, 2004, 09:31 AM
#7
The user ©opy®ight is talking about is dynagnosis
The source of the email is from this website http://www.dyngnosis.com/
on this page http://www.dyngnosis.com/Default.aspx?tabid=68
I would recommend having a look at where his tutorials came from..
and the links mentioned are internal at his website..
http://www.dyngnosis.com/code/aytscan.c
http://www.dyngnosis.com/code/7350854.c
* The contents of these coded instructions, statements and computer
* programs may not be disclosed to third parties, copied or duplicated in
* any form, in whole or in part, without the prior written permission of
* TESO Security. This includes especially the Bugtraq mailing list, the
* www.hack.co.za website and any public exploit archive.
Hmmmm I wonder if permission was given?..
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
September 20th, 2004, 09:54 AM
#8
Uhh... Aren't these rather old? (esp since they are dated 2001??)
I believe those two are actually from this CERT Telnet Advisory
-
September 20th, 2004, 10:36 AM
#9
Ok, so let's get this right, "copyright":
- The "Level 10 alert" is about a remote exploit in telnet, which no sane administrator is running on the internet anyway (and most don't even run on LANs)
- The info is over 3 years old
I'd ask the people who run your "Private members only site" how they classify the alerts because it sounds a bit bogus to me.
Slarty
-
September 20th, 2004, 11:26 AM
#10
Anyone thought that "Alert Level 10" might be the absolute lowest level.....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|