Vulnerability Name:

CCN-1452

Published: 1997-09-01
Updated: 1997-09-01
Summary: LOKI is a client/server program published in the online publication Phrack. This program is a working proof-of-concept to demonstrate that data can be transmitted somewhat secretly across a network by hiding it in traffic that normally does not contain payloads. The example code can tunnel the equivalent of a Unix RCMD/RSH session in either ICMP echo request (ping) packets or UDP traffic to the DNS port. This is used as a back door into a Unix system after root access has been compromised. Presence of LOKI on a system is evidence that the system has been compromised in the past.
CVSS v3 Severity:
CVSS v2 Severity:
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: Phrack Magazine, Volume 7, Issue 49, Article 06 of 16
Project Loki

Source: CCN
Type: Phrack Magazine, Volume 7, Issue 51, Article 06 of 17
L O K I 2 (the implementation)

Source: XF
Type: UNKNOWN
loki(1452)

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.1.7.1:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/o:freebsd:freebsd:2.1.6.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    freebsd freebsd 2.1.0
    openbsd openbsd 2.1
    sun solaris 2.6
    freebsd freebsd 2.1.7.1
    freebsd freebsd 2.1.5
    freebsd freebsd 2.1.6
    freebsd freebsd 2.1.7
    freebsd freebsd 2.1.6.1
    sun solaris 1.0
    linux linux kernel 2.0