Re: numerous free/paid account systems are vulnerable to privileges elevation attacks
- To: BUGTRAQ@SECURITYFOCUS.COM
- Subject: Re: numerous free/paid account systems are vulnerable to privileges elevation attacks
- From: Pavel Korovin <pvk@TSINET.RU>
- Date: Sun, 12 Nov 2000 22:06:37 +0300
Michal Zalewski (lcamtuf@DIONE.IDS.PL) wrote:
>
> Mkey. During further investigations I've found recent RH releases (6.2 and
> 7.0) seem not to be affected by this problem. But, as numerous systems
> are still based on older releases, and there were no security advisories
> on this silently fixed problem, shadow-utils might still be used in
> previous versions. I am, in fact, still using the old package, and haven't
> checked for the updates (sorry). This does not change the fact that numerous
> systems are vulnerable.
>
> - Debian 2.2 - not vulnerable
> - RedHat below 6.2 - vulnerable
> - RedHat 6.2, 7.0 - not vulnerable
> - Cobalt Linux - vulnerable
> - other distros? I would suspect Corel Linux, SuSE, Mandrake...
> - OpenBSD - seems to be vulnerable, no details
>
> Yes, recent installations might not be vulnerable. Distros with RH-alike
> shadow-utils configuration and without the patch mentioned here by
> Bernhard Rosenkraenzer are vulnerable. Other systems, like OpenBSD, might
> allow such attacks.
The OpenBSD useradd(8) utility is not affected.
adduser(8) is affected, but I think this is the sysadmin's deal not to be caught
in such a trap.
--
Pavel Korovin
SMTP: pvk@tsinet.ru