[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: simple kde exploit fix

To: BUGTRAQ@NETSPACE.ORG
Subject: Re: simple kde exploit fix
From: Andreas Jellinghaus <aj@DUNGEON.INKA.DE>
Date: Mon, 18 May 1998 20:59:24 +0200
Approved-By: aleph1@NATIONWIDE.NET
In-Reply-To: <19980518174845.56713@colombina.comedia.it>; from Luca Berra on Mon, May 18, 1998 at 05:48:45PM +0200
References: <Pine.LNX.3.96.980517144346.10501A-100000@lurk.kellogg.nwu.edu> <19980518174845.56713@colombina.comedia.it>
Reply-To: Andreas Jellinghaus <aj@DUNGEON.INKA.DE>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>

the kde packages done by debian were affected by the kde exploit this way:
they were not setuid root, but setgid shadow. so it could be possible to read
/etc/shadow, but not get root rights.

andreas

References:
- simple kde exploit fix
  - From: David Zhao <dzhao@LURK.KELLOGG.NWU.EDU>
- Re: simple kde exploit fix
  - From: Luca Berra <bluca@comedia.it>
- Re: simple kde exploit fix
  - From: Luca Berra <bluca@comedia.it>

Prev by Date: Re: pingflood.c
Next by Date: Re: NFS Shell
Prev by thread: Re: simple kde exploit fix
Next by thread: Re: simple kde exploit fix
Index(es):
- Date
- Thread