View Single Post
  #3   (View Single Post)  
Old 7th July 2008
deemon's Avatar
deemon deemon is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Estonia
Posts: 50
Default

Yes they can.
Shell is not needed to execute commands using the privileges of the user running the service.
Anyway - weakness in the service running under unprivileged user is used to gain access to local system and then that access is used to run a local root exploit(s) (which are more common than remote root exploits).
About detection - there is no universal and foolproof way. It helps to have syslog logging to remote machine and running stealth IDS systems between services and internet.
__________________
Fhtagn nagh Yog-Sothoth
Reply With Quote