[12819] in bugtraq
Re: FreeBSD 3.3 gated-3.1.5 local exploit
daemon@ATHENA.MIT.EDU (Kris Kennaway)
Thu Dec 2 14:20:39 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.21.9912011131060.26230-100000@hub.freebsd.org>
Date: Wed, 1 Dec 1999 11:32:52 -0800
Reply-To: Kris Kennaway <kris@HUB.FREEBSD.ORG>
From: Kris Kennaway <kris@HUB.FREEBSD.ORG>
X-To: Brock Tellier <btellier@USA.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19991130223106.15090.qmail@nwcst323.netaddress.usa.net>
On Tue, 30 Nov 1999, Brock Tellier wrote:
> /usr/local/bin/gdc contains a buffer overflow that may ONLY be exploited
> by the group 'wheel'. According to the man page the default group is
> "gdmaint", but it was not installed this way by default on my system, nor
> were any instructions given to make a gdmaint group. The overflow comes
This is a problem, but it's not just with FreeBSD - obviously if you
follow these instructions then you're just giving root to members of
gdmaint, not wheel (which may in fact be worse, if you trust people to use
gdc who you don't trust with the wheel bit (i.e. those who can legally su
to root if they knew the password)).
Kris
