-
December 18th, 2001, 11:54 PM
#1
Junior Member
lpd exploit (Solaris)
There seems to be a clever lpd exploit around which works at least on Solaris.
It seems to work in two phases.
First it misuses local mail to listen on port 1524 using a special mail.cf and then it installs a shell listening on port 37777.
It needs an active cc.
Does somebody know something about it? Is the code known?
-
December 19th, 2001, 01:04 AM
#2
Sorry, I don't think the code is known, but it's worth checking out. I'll let you know if I find something.
-
December 22nd, 2001, 12:01 AM
#3
Junior Member
Unfortunately lpd exploits have plagued the Unix world for decades. They come in a variety of delivery methods and have targeted specific versions and implementations over the years. I believe Red Hat had the nastiest one a couple of years ago.
My particular issue with Solaris has always been that they are about as slow as MS in fixing/patching such problems. Don't get me wrong, Solaris is an outstanding OS. I choose to use Linux and FreeBSD though because, being a security-conscious guy, the maintainers and 3rd party solution providers are more on top of the issues as they happen. Less than two hours for the patch to the Linux kernel that prevented the receipt of a 'ping of death' attack (packet greater than 65536 bytes).
-
December 22nd, 2001, 07:10 AM
#4
blame BSD for the LPD problems....it's their system........
Antionline in a nutshell
"You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"
Trust your Technolust
-
December 22nd, 2001, 09:37 AM
#5
Junior Member
Originally posted by hogfly
blame BSD for the LPD problems....it's their system........
The problem is that it's not. Solaris made its own implementation of the lpd protocol. Therefore it seems to be still vulnerable, even after the BSD problem has been solved.
According to our investigations it can be fooled by using a TAB to send a control file to sendmail. The crude Solaris fix just translates SP into "_ ", instead of using a secure system call.
I'll inform you when we know more.
-> It seems to be wise to protect Solaris systems from access over port 515.
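A check for the listeners mentioned in this thread (ports 1524 and 37777 from the first post, and the lpd port 515 from the post above), as an added example that is not part of any post. The function names and the sample netstat output are constructed for illustration, and the Linux/BSD column handling goes beyond the Solaris case discussed here.

```shell
#!/bin/sh
# Added example: flag TCP listeners on the ports named in this thread.
# Reads `netstat -an` output on stdin (Solaris "addr.port" layout, or the
# Linux/BSD "tcp ... addr:port" layout) and prints one line per finding.
# On Solaris, run it with nawk or /usr/xpg4/bin/awk first in PATH as awk.
check_lpd_ports() {
    awk '
    BEGIN {
        why[515]   = "lpd printer service reachable (filter or disable if unused)"
        why[1524]  = "first-phase listener described in the thread"
        why[37777] = "second-phase shell listener described in the thread"
    }
    $NF == "LISTEN" {
        # Solaris puts the local address in column 1; Linux/BSD in column 4.
        local = ($1 ~ /^tcp/) ? $4 : $1
        # The port is whatever follows the last "." or ":" in the address.
        n = split(local, part, /[.:]/)
        port = part[n]
        if (port in why) printf "%s %s: %s\n", port, local, why[port]
    }'
}

# Constructed sample in Solaris `netstat -an` layout (not from a real host).
# The ESTABLISHED line has a remote port ending in 1524 and must not match.
sample_netstat() {
    cat <<'EOF'
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.22                 *.*                0      0 24576      0 LISTEN
      *.515                *.*                0      0 24576      0 LISTEN
      *.1524               *.*                0      0 24576      0 LISTEN
      *.37777              *.*                0      0 24576      0 LISTEN
192.0.2.10.22        192.0.2.20.41524     64240      0 24820      0 ESTABLISHED
EOF
}

# Usage on a live host: netstat -an | check_lpd_ports
sample_netstat | check_lpd_ports
```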
-
December 22nd, 2001, 09:57 AM
#6
their own implementation yes...off of a BSD base.....but that isn't the point..
this sounds very interesting, please do keep us informed, especially if it turns out to be substantial.