Re: (ASCEND) [rootshell] Security Bulletin #16 (fwd)

To: Phillip Vandry <vandry@Mlink.NET>
Subject: Re: (ASCEND) [rootshell] Security Bulletin #16 (fwd)
From: Kit Knox <kit@connectnet.com>
Date: Tue, 17 Mar 1998 07:26:16 -0800 (PST)
cc: ascend-users@bungi.com
In-Reply-To: <199803171519.KAA21258@Iodine.Mlink.NET>
Reply-To: Kit Knox <kit@connectnet.com>
Sender: owner-ascend-users@max.bungi.com

On Tue, 17 Mar 1998, Phillip Vandry wrote:

| Well, I tried this on a Pipeline, and the Pipe seemed unaffected. So,
| noticing that the code does not set a valid UDP checksum, I turned off
| UDP checksums on the Pipeline and tried it again. Still no effect.  So I
| tried it on a Max 4048. Still no effect. 

It should work.  I will privately send you a binary.  I will also be
releasing a Java version of the exploit today for all of the non-linux
folks.

| Has anyone been able to use this attack successfully?

Yes.

--

Kit Knox [kit@connectnet.com] - CONNECTnet INS, Inc.


++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

References:

Re: (ASCEND) [rootshell] Security Bulletin #16 (fwd)

From: Phillip Vandry <vandry@Mlink.NET>

Prev by Date: (ASCEND) Re: ascend kill
Next by Date: Re: (ASCEND) [rootshell] Security Bulletin #16 (fwd)
Prev by thread: Re: (ASCEND) [rootshell] Security Bulletin #16 (fwd)
Next by thread: Re: (ASCEND) [rootshell] Security Bulletin #16 (fwd)
Index(es):
- Main
- Thread