On Tue, Jun 16, 1998 at 07:42:04PM -0700, Marcus Johnson wrote: > On Fri, 29 May 1998 Marcus Brinkmann wrote: > > >> So, given the fact I'm not in a position to compel the admin to upgrade > >> to Debian 1.3 or 2.0 (but can and will lobby for it), > > >Probably your admin will feel more necouraged if you show him some of the > >root shell expoits that have been found since them (no, I won't tell you > >any). Debian 1.1 is pretty old. > > Is there a list of 1.1 bugs someplace? AFAIK no...The bug datbase is cleared out after 28 days...and I don't know if they are archived anywhere. > What are these "root shell exploits" that Marcus refered to? "Root Shell Exploits" are bugs in programs that either run as root (like a network service deamon like telnetd) or are SUID root (which also means they run AS root..but more like su or passwd). These are bugs which can be "used" by an attacker to get a "root shell" (basically bash or some equivalent shell with root privs) This of course gives them acess to teh entire system just liek a 'legal' sys admin. There are many types of such exploits (and even other types of exploits, which may not give a root shell, but may delete an arbitrary file of the attackers choosing etc) Many such exploits can be found on www.rootshell.com if you are interested. (BTW if you are really interested in security I would recommend checking out the BUGTRAQ mailing list) -Steve -- ** Stephen Carpenter ** ** ** ** ** ** ** ** ** ** ** ** sjc@delphi.com ** "Maturity is often more absurd than youth and very frequently is most unjust to youth" -- Thomas Edison
Attachment:
pgpBESNrL6JiM.pgp
Description: PGP signature