James Nord <[EMAIL PROTECTED]> writes: >> Theo de Raadt said in a post to Bugtraq the exploit won't work on >> sshd with privilege seperation enabled, however even if it did work >> it'd be better to have an attacker get a chrooted shell with no >> privs instead of root access to the entire system.
> In which case you just need a local exploit to go with your remote exploit. Or you don't care about the local system ressources at all and just abuse the network (like some Code Red variant did). -- Florian Weimer [EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
