FW: SECURITY WATCH: Network protection commentary from InfoWorld.com

brent harding bharding at greenbaynet.com
Fri Jun 30 12:17:43 EDT 2000


What do buffer overflows do to the system? Do they just make it go down, or
what? I found a security site called rootshell.com that described tons of
exploits from older versions of sendmail, wu_ftpd, and others that, when
run, make some kind of buffer overflow that somehow makes a
normal user have root access. How can that happen without knowing the
password or using su? Or does the person get through off of a running cron
job that has root access, taking its process number over with their shell?
I hear a lot of hype about what can be done to a system with various shell
scripts.
At 09:19 AM 6/30/00 -0500, you wrote:
>It sounds like a bunch of crap designed to help sell home users more
>software to me. I am not saying that attacks don't happen. I have a friend
>whose machine was taken over. But the tone of the message was that half our
>problems would be solved if the "vulnerable home users" were not out
>there. Like I said, load of crap.
>
>If the author had paid attention, the distributed DOS attacks were based in
>a couple of universities. Of course those machines could be secured. Then
>the students wouldn't learn as much, contributing to the lack of qualified
>workers in the field. But hey, that is a small price to pay when someone
>has a firewall product to sell.
>
>And I would love to know why the "numerous" buffer overflow problems in
>RedHat and Mandrake haven't been published. The authors failed to notice
>that most of the software for those distributions is found in many Linux
>distributions. But hey, they will get a few lucrative leads for their
>business of taking care of businesses in the "dot com world."
>
>-- 
>Kirk Wood
>Cpt.Kirk at 1tree.net
>------------------
>
>Seek simplicity -- and distrust it.
>		Alfred North Whitehead