There aren't many details on the exploit at this point, but the
descriptions have said it is remotely exploitable on the client. If
this is the case, I would suspect the attack vector to be using one of
the two cliient listening ports - udp/2967 or udp/38293. If you're
paranoid, you might want to block these at the firewall. I haven't seen
any activity on our sensors [yet].
Jeff
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *