[911] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] sliplogin

daemon@ATHENA.MIT.EDU (David Holland)
Tue Jul 16 05:42:43 1996

From: David Holland <dholland@hcs.HARVARD.EDU>
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 15 Jul 1996 21:56:36 -0400 (EDT)

Anyone running a version of sliplogin older than sliplogin-2.1.0
(which can be gotten from sunsite.unc.edu:/pub/Linux/system/Network/serial 
or ftp.uk.linux.org:/pub/linux/Networking/transports) should remove it
or upgrade it immediately. 

It does

	setuid(0);
	if (s = system(logincmd)) {
	   :
	}

without clearing the environment first. Therefore, anybody can get
root trivially.

The sliplogin from NetKit-B-0.06 is affected.
Current RedHat sliplogin is not affected.
Others I don't know about.

-- 
   - David A. Holland          | Number of words in the English language that
     dholland@hcs.harvard.edu  | exist because of typos or misreadings: 381

home help back first fref pref prev next nref lref last post