[24854] in bugtraq
Re: DebPloit (exploit)
daemon@ATHENA.MIT.EDU (Florian Weimer)
Wed Mar 27 17:54:58 2002
To: bugtraq@securityfocus.com, NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Tue, 26 Mar 2002 12:50:33 +0100
Message-ID: <87n0wvo8dy.fsf@CERT.Uni-Stuttgart.DE>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
For our own use, we have rewritten DPfix in Ada so that we have
complete source code for this tool. (DPfix by Radim "EliCZ" Picha
changes the erratic ACL so that it allows access for SYSTEM only.) As
of now, we have not encountered any side effects in our setup.
Our tool is slightly more general (you have to pass the process and
object name on the command line), and it does not require any user
interaction, so it is suitable for startup scripts.
Further information, full Ada source code, and a precompiled binary is
available at:
http://CERT.Uni-Stuttgart.DE/people/fw/tools/chsystem/
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
