2002-10-19 01:42:23

by Breno

[permalink] [raw]
Subject: Exploit for the Kernel

http://online.securityfocus.com/archive/1/295855/2002-10-15/2002-10-21/1



Breno


2002-10-19 01:53:34

by David Miller

[permalink] [raw]
Subject: Re: Exploit for the Kernel

From: "Breno" <[email protected]>
Date: Fri, 18 Oct 2002 22:42:12 -0300

http://online.securityfocus.com/archive/1/295855/2002-10-15/2002-10-21/1

There is nothing concrete at all about said "exploit".

It looks like just a clever way to divert the victim's
attention from the real mechanism these guys are using
to root peoples boxes.

It is nearly impossible for a TCP frag handling exploit
to allow a root shell and socket to that shell to be
created. So I think the claims are total nonsense.

2002-10-19 02:01:27

by Keith Owens

[permalink] [raw]
Subject: Re: Exploit for the Kernel

On Fri, 18 Oct 2002 18:51:16 -0700 (PDT),
"David S. Miller" <[email protected]> wrote:
> From: "Breno" <[email protected]>
> Date: Fri, 18 Oct 2002 22:42:12 -0300
>
> http://online.securityfocus.com/archive/1/295855/2002-10-15/2002-10-21/1
>
>There is nothing concrete at all about said "exploit".
>
>It looks like just a clever way to divert the victim's
>attention from the real mechanism these guys are using
>to root peoples boxes.

Agreed.

>It is nearly impossible for a TCP frag handling exploit
>to allow a root shell and socket to that shell to be
>created. So I think the claims are total nonsense.

The last mail on that thread is interesting[*], fooling the victim into
running a vulnerable version of tcpdump by claiming a vulnerability in
TCP.

[*] http://online.securityfocus.com/archive/1/295855/2002-10-15/2002-10-21/2

2002-10-19 02:08:08

by David Miller

[permalink] [raw]
Subject: Re: Exploit for the Kernel

From: Keith Owens <[email protected]>
Date: Sat, 19 Oct 2002 12:07:10 +1000

The last mail on that thread is interesting[*], fooling the victim into
running a vulnerable version of tcpdump by claiming a vulnerability in
TCP.

Yes, I noted that as well.

Another tip off is that ABFrag 'works' on BSD too :-)

2002-10-19 08:43:04

by Keith Owens

[permalink] [raw]
Subject: Re: Exploit for the Kernel

On Sat, 19 Oct 2002 08:39:34 +0200,
Wolfgang Fritz <[email protected]> wrote:
>Breno wrote:
>>http://online.securityfocus.com/archive/1/295855/2002-10-15/2002-10-21/1
>See http://www.heise.de (in german):
>
>http://www.heise.de/newsticker/data/pab-18.10.02-000/

English: http://www.heise.de/english/newsticker/data/jk-18.10.02-006/

A message posted on the Security Mailinglist BugTraq about an exploit
for Linux kernels "ABFrags" has turned out to be a fake.

Let it die ...

2002-10-19 06:42:30

by Wolfgang Fritz

[permalink] [raw]
Subject: Re: Exploit for the Kernel

Breno wrote:

>
http://online.securityfocus.com/archive/1/295855/2002-10-15/2002-10-21/1
>
>
>
> Breno
>
See http://www.heise.de (in german):

http://www.heise.de/newsticker/data/pab-18.10.02-000/

Wolfgang

> -
> To unsubscribe from this list: send the line "unsubscribe
> linux-kernel" in the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/