Comment by Purplish9893

1 month ago

If I run `nc -l 31337 | sh` that puts my system into a remotely exploitable state, but that doesn't mean that nc or sh have RCE vulnerabilities, or that operating systems which allow installing nc and sh have RCE vulnerabilities.

2 comments

Purplish9893

Reply
haswell  1 month ago

nc and sh are well known and documented tools. Their existence on a system and running state can be inspected and the implications of various configurations is well understood.

If someone just discovered nc in the wild and up to that point it had been unknown, people would put that bit of software in a very different category than the one it exists in today.

huang_chung  1 month ago

> If I run `nc -l 31337 | sh` that puts my system into a remotely exploitable state

Quick, before someone posts this to Mastodon and gives presentation at security conference with title:

Living off the Land: the Hidden Threat Within