RE: [SLUG] Insight on Code Red II

From: Wyly Wade (wyly.wade@forefrontinc.com)
Date: Thu Aug 09 2001 - 15:04:39 EDT


And actually, Matt, one of my favorite exploits is number 5 on the top_ten
SANS list.

-----Original Message-----
From: Miller, Matt [mailto:Matt.Miller@expanets.com]
Sent: Thursday, August 09, 2001 1:28 PM
To: 'slug@nks.net'
Subject: RE: [SLUG] Insight on Code Red II

> And those "extreme" weaknesses would be what?

How about various remote root exploits in apache, bind, procmail, sendmail,
etc...? -- just to name a few of the obvious. Read the revision histories on
these products/services. Arguably these root exploits aren't necessarily
Linux specific, but inherent in any UNIX style OS running standard remote
services. Typically these exploits are a result of buffer overflows --
sounds familiar, huh? Up until recently*, almost all DoS attacks have come
from compromised UNIX based servers. Attached are some links from SANS:

http://www.sans.org/infosecFAQ/sysadmin/apache.htm
http://www.sans.org/infosecFAQ/DNS/sec_BIND.htm
http://www.sans.org/infosecFAQ/threats/top_ten.htm

Matt

* until of course Microsoft deployed a raw sockets TCP/IP stack with Win2000


