Re: [Full-disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : chroot A known exploit can break a chroot prison.

["KF (lists)" <kf_lists@xxxxxxxxxxxxxxxxxxx>]

Vincent van Scherpenseel wrote:

> On Wednesday 11 May 2005 20:44, KF (lists) wrote:
>  
>
> > Anyone ever wonder why all their security advisories come out for known
> > issues two years after they have been found?
> >
> > Anyone ever wonder why they STILL use a vulnerble version of wu ftpd on
> > one of their main servers?
> >
> > Connected to ftpput.sco.com.
> > 220 artemis FTP server (Version 2.1WU(1)) ready.
> > Name (ftpput.sco.com:doucheknob):
> >
> > Move along... nothing to see here but a decrepid OS that no one cares
> > about.
> > -KF
> >    
>
> Keep in mind that you shouldn't fully rely on service banners. These are 
> easily faked to keep the script kiddies away. I know, that's security through 
> obscurity, but not the whole world is Full Disclosure.
>
> - Vincent van Scherpenseel
>
>  

keep in mind that this has been like this for *YEARS*.  I highly doubt 
they have gone through the trouble of faking output for the format 
string vulnerability. Telnet to the port and test the site exec shit by 
hand yourself... although I have not checked I would almost bet you get 
memory addresses popping up.

I actually spoke to previous sco admins about it when I used to work 
with them on security issues. At the time they could not track down the 
admin of the box... after the caldera merger I would imagine it just sat 
there.

http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/008577.html

-KF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/