And the key point here is that "getting in" simply requires modifying known
exploits against vulnerable software with an S/390-specific payload.  Now
that the discussion has begun in the cracker world, it will not be long
before we start seeing that happen.  How many of the readers of this mailing
list are still running a version of Apache that is accessible from the
internet and doesn't have the "chunk encoding" fix installed?  Every last
one of those is vulnerable to a remote attack.

We all have to keep in mind that the security systems we're used to having
protect us, such as RACF, ACF2, VM Secure, etc., aren't at work in the
Linux/390 world, in most cases.  This is UNIX/Linux software requiring the
same attention to security fixes as the rest of the UNIX/Linux world.

Mark Post

-----Original Message-----
From: Dennis Wicks [mailto:dennisw@;cdg.ws]
Sent: Wednesday, October 30, 2002 9:34 AM
To: [EMAIL PROTECTED]
Subject: Re: Probably the first published shell code example for
Linux/390


Greetings;

The key phrase here is "(if they get in)".

The article itself isn't even up to the "Assembler For Dummies"
level and doesn't reveal any great secrets about getting into
the system.

This is just the latest in a long string of writings by someone
who doesn't know much about S/390 systems for others who don't
know anything about S/390 systems. All it does is increase the
author's prestige among his peers and spread FUD amongst the
uninformed.

Now, if the article detailed an exploit of a buffer overrun
in Apache or Websphere on Linux/390 that would allow execution of

   rm -r /

as root, that would be cause for alarm!

Good Luck!
Dennis



From: Franco Fiorese <[EMAIL PROTECTED]uzione.it>
Sent by: Linux on 390 Port <[EMAIL PROTECTED]>
Sent: 10/30/02 02:14 PM
Please respond to Linux on 390 Port
To: [EMAIL PROTECTED]
cc:
Subject: Probably the first published shell code example for Linux/390

Time to get aware of security concerns about Linux on 390.
The last issue of Phrack magazine (a famous hacker magazine)
has an article on how to write shellcode on the Linux 390
platform with a complete working example.
Here is the URL of the article about the shellcode:
http://www.phrack.org/show.php?p=59&a=130

I have tested it and it seems to work fine.  With such pieces of
code, the 390 platform (with Linux on it) can also be really open
to external attackers (if they get in).

Franco Fiorese
EDS Italy
