20 Jun
2002
20 Jun
'02
15:30
However, the exploit posted this morning on vulnwatch indicates that such an exploit exists against Linux.
Again: No, the exploit posted on vulnwatch this morning works agains xBSD only.
If you read the comments in the .c file, you will see their claim that they have exploited this under linux. Quoting below: * However, contrary to what ISS would have you believe, we have * successfully exploited this hole on the following operating systems: * * Sun Solaris 6-8 (sparc/x86) * FreeBSD 4.3-4.5 (x86) * OpenBSD 2.6-3.1 (x86) * Linux (GNU) 2.4 (x86) So either they are bluffing or the eploit does exist. I prefer not to assume the former. And I don't exactly consider these folks a trusted third party.