|
From: | rader |
Subject: | Re: cfengine rsa heap remote exploit: part of PTjob project (fwd) |
Date: | Tue, 22 Feb 2005 07:08:44 -0600 |
I should have done a little research before my wasting time on this: it appears that this exploit was attended to back in August of 2004. It is (indeed) unfortunate that this was brought up again--not only because it scared people--but also because the exploit requires access to a trusted system. steve - - - systems & network manager high energy physics university of wisconsin http://lists.gnu.org/archive/html/help-cfengine/2004-08/msg00086.html > ---- Original Message ---- > From: rader > > I've got it compiled. It doesn't break into nor crash 2.1.3 on > redhat 7.3--that's the only pre-2.1.8 version I've got. > > Perhaps it only works on 2.1.7p1? > > (Had to fix a bug in arg parsing to get it to use the -t 5 crash > mode... should be -t arg code should be (sizeof(targets)/20)+1 > instead of sizeof(targets)/28. Some elements have been removed > from struct targets[]??) > > steve > - - -
[Prev in Thread] | Current Thread | [Next in Thread] |