[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison.
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison.
- From: Vincent van Scherpenseel <mailinglists@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 11 May 2005 22:57:16 +0200
On Wednesday 11 May 2005 20:44, KF (lists) wrote:
> Anyone ever wonder why all their security advisories come out for known
> issues two years after they have been found?
>
> Anyone ever wonder why they STILL use a vulnerble version of wu ftpd on
> one of their main servers?
>
> Connected to ftpput.sco.com.
> 220 artemis FTP server (Version 2.1WU(1)) ready.
> Name (ftpput.sco.com:doucheknob):
>
> Move along... nothing to see here but a decrepid OS that no one cares
> about.
> -KF
Keep in mind that you shouldn't fully rely on service banners. These are
easily faked to keep the script kiddies away. I know, that's security through
obscurity, but not the whole world is Full Disclosure.
- Vincent van Scherpenseel
--
http://vincent.vanscherpenseel.nl/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/