Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: ALERT: A Level 10 Exploit has been released.

  1. #1

    ALERT: A Level 10 Exploit has been released.

    This is an email i got from Dyagnosis (i think it's a members website here ) today !

    Dear MemorY None,
    ALERT: A Level 10 Exploit has been released.

    Published: 19.09.04
    Source: BUGTRAQ
    Type: remote
    Level: 10 - Remote root exploit on a major OS distribution.
    Description: It's possible to overflow buffer with AYT telnet protocol command.
    Affected products:
    FREEBSD:FreeBSD 5.0
    FREEBSD:FreeBSD 4.3
    OPENBSD:OpenBSD 2.9
    BSDI:BSD/OS 4.2
    NETBSD:NetBSD 1.5
    SGI:Irix 6.5
    SUN:Solaris 2.8
    LINUX:Linux netkit-telnetd 0.13
    SCO:OpenServer 5.0
    APPLE:MacOS X 10.0
    DEBIANebian netkit-telnetd 0.17

    More info, exploit and scanner HERE

    The link in the message doesn't work, can anybody shed some more info on this ?
    O.G at A.O

  2. #2
    Dead Man Walking
    Join Date
    Jan 2003
    Its not listed on the bugtraq website at www.securityfocus.com as of right now

  3. #3
    AO French Antique News Whore
    Join Date
    Aug 2001
    Where the **** is Windows OS?

    Sorry but it was too easy! I'm tired to death and I see this huge title in my RSS Feed Program! I'm sure a mega exploit was release for last week jpg patch of M$ but I came to see Windows is unaffected! WOW! That a change, it's for Unix/Linux!
    -Simon \"SDK\"

  4. #4
    T3h 1337 N00b kryptonic's Avatar
    Join Date
    Sep 2003
    Seattle, Washington.
    Wait so this doesnt affect windows? Wow thats a first i swear. LOL


  5. #5
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Beverwijk Netherlands
    Well it doesn't affect windows, unless you install the netkit-telnetd on it
    Not all linux distros come with this telnet daemon..

    And who the **** has his telnet open to the world these days anyway..
    Edit your /etc/inetd.conf and comment out the telnet part..
    Restart your inetd...
    And feel safe again..

    Level 10 my ass..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  6. #6
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    the_Jinx, oh so very true, as always
    Come and check out our wargame-site @ http://www.rootcontest.org
    We chat @ irc.smdc-network.org #lobby

  7. #7
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    The user 妯py展ght is talking about is dynagnosis
    The source of the email is from this website http://www.dyngnosis.com/
    on this page http://www.dyngnosis.com/Default.aspx?tabid=68

    I would recommend having a look at where his tutorials came from..

    and the links mentioned are internal at his website..

    * The contents of these coded instructions, statements and computer
    * programs may not be disclosed to third parties, copied or duplicated in
    * any form, in whole or in part, without the prior written permission of
    * TESO Security. This includes especially the Bugtraq mailing list, the
    * www.hack.co.za website and any public exploit archive.
    Hmmmm I wonder if permission was given?..

    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA
    Uhh... Aren't these rather old? (esp since they are dated 2001??)


    /* www.hack.co.za [23 July 2001]*/

    Date: 25/07/01
    I believe those two are actually from this CERT Telnet Advisory
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    Senior Member
    Join Date
    Jan 2002
    Ok, so let's get this right, "copyright":

    - The "Level 10 alert" is about a remote exploit in telnet, which no sane administrator is running on the internet anyway (and most don't even run on LANs)
    - The info is over 3 years old

    I'd ask the people who run your "Private members only site" how they classify the alerts because it sounds a bit bogus to me.


  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Anyone thought that "Alert Level 10" might be the absolute lowest level.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts