[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit

To: <full-disclosure@lists.netsys.com>
Subject: Re: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit
From: "Larry W. Cashdollar" <lwc@vapid.ath.cx>
Date: Fri, 24 Oct 2003 12:24:24 -0400 (EDT)


On Fri, 24 Oct 2003, Philipp Buehler wrote:

> If shellcode matches 0x72, 0x6d, 0x2d and 0x66 .. always be "alerted" :>

Also, if the exploit requires root and it's only calling connect()
thats another tip off.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit
  - From: Philipp Buehler <pb+full-disclosure@mlsub.buehler.net>

Prev by Date: RE: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit
Next by Date: Re: [inbox] Re: [Full-Disclosure] RE: Linux (in)security
Previous by thread: Re: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit
Next by thread: Re: [Full-Disclosure] ProFTPD-1.2.9rc2 remote root exploit
Index(es):
- Date
- Thread