Re: Sol2.x Mouse EXPLOIT info - CORRECTION

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Casper Dik: "Re: WWW Servers Bandwidth flood on Internet"
• Previous message: Doug Siebert: "Re: Sol2.x Mouse EXPLOIT info - CORRECTION"
• In reply to: Leo Bicknell: "Re: Sol2.x Mouse EXPLOIT info - CORRECTION"
• Next in thread: Doug Siebert: "Re: Sol2.x Mouse EXPLOIT info - CORRECTION"

In message <199501181524.KAA24318@ussenterprise.async.vt.edu>, Leo Bicknell wri
tes:
>	Ok, I'll point out a few things.  "#" is not a valid charactor
>in a host name, and a good bind server will not return it.  I was
>unable to get my bind server to return a hostname with a # in it,
>so even if someone hacked the bind server for your site it wouldn't
>matter.  

I don't know of any BIND server which won't let you put in a "#" in
a host name.  I've done quite a bit of checking of DNS, and I've found
quite arbitrary characters in people's DNS data.  You can argue
to the contrary, but that's beyond the scope of this list.

>	Another thing not considered, is that by default under Ultrix
>all the network tty's are _unsecure_ meaning root cannot log in on
>them no matter what .rhosts says.  Unless you have changed this it
>is absolutely not possible for this to be a problem.

You mean except for "rsh ultrixhost rm -rf /"

Remember, with /.rhosts, having unsecure ttys has no effect.

--Dave

• Next message: Casper Dik: "Re: WWW Servers Bandwidth flood on Internet"
• Previous message: Doug Siebert: "Re: Sol2.x Mouse EXPLOIT info - CORRECTION"
• In reply to: Leo Bicknell: "Re: Sol2.x Mouse EXPLOIT info - CORRECTION"
• Next in thread: Doug Siebert: "Re: Sol2.x Mouse EXPLOIT info - CORRECTION"