From owner-freebsd-security  Mon Jan 17 11:31: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: from intranova.net (blacklisted.intranova.net [209.3.31.70])
	by hub.freebsd.org (Postfix) with SMTP id CA56314FBD
	for <freebsd-security@FreeBSD.ORG>; Mon, 17 Jan 2000 11:30:55 -0800 (PST)
	(envelope-from oogali@intranova.net)
Received: (qmail 78901 invoked from network); 17 Jan 2000 14:33:03 -0000
Received: from hydrant.intranova.net (user20884@209.201.95.10)
  by blacklisted.intranova.net with SMTP; 17 Jan 2000 14:33:03 -0000
Date: Mon, 17 Jan 2000 14:28:07 -0500 (EST)
From: Omachonu Ogali <oogali@intranova.net>
To: Alexander Langer <alex@big.endian.de>
Cc: Jonathan Fortin <jonf@revelex.com>, freebsd-security@FreeBSD.ORG
Subject: Re: sh?
In-Reply-To: <20000117165325.C5975@cichlids.cichlids.com>
Message-ID: <Pine.BSF.4.10.10001171427030.92711-100000@hydrant.intranova.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On all systems.

Take a look at some shellcode in the most recent exploits, they either
bind /bin/sh to a port via inetd or execute some program using /bin/sh.

Omachonu Ogali
Intranova Networking Group

On Mon, 17 Jan 2000, Alexander Langer wrote:

> Thus spake Omachonu Ogali (oogali@intranova.net):
> 
> > Most of the exploits out there use /bin/sh to launch attacks.
> 
> On FreeBSD?
> 
> Alex
> 
> -- 
> I doubt, therefore I might be. 
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message