[17052] in bugtraq


Re: BSD chpass

daemon@ATHENA.MIT.EDU (Adrian Chadd)
Wed Oct 4 16:12:38 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID:  <20001004134006.G23877@ewok.creative.net.au>
Date:         Wed, 4 Oct 2000 13:40:07 +0800
Reply-To: Adrian Chadd <adrian@CREATIVE.NET.AU>
From: Adrian Chadd <adrian@CREATIVE.NET.AU>
X-To:         caddis <caddis@DISSENSION.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20001004024548.A516@dissension.net>; from caddis@DISSENSION.NET
              on Wed, Oct 04, 2000 at 02:45:48AM +1000

On Wed, Oct 04, 2000, caddis wrote:
> /*
>  * TESO BSD chpass exploit - caddis <caddis@dissension.net>
>  *
>  * greets: #!teso, #!w00w00, #hert!, #ozsecurity, #plus613
>  *
>  */

[snip]

>     strcat(fmt_string, "EDITOR=");
>     for (x = 0; x < target->count; x++) {
>         strcat(fmt_string, "%8x");
>         len += 8;
>     }

[snip]

Anything after July 28th in RELENG_4 is clean and anything after
July 12th on -current is clean, so 4.1 and 4.1.1-RELEASE are not
vulnerable.

(in vipw/pw_util.c)
revision 1.17.2.1
date: 2000/07/20 10:35:27;  author: kris;  state: Exp;  lines: +1 -1
MFC: Don't call vfprintf-like functions without a format string.

revision 1.18
date: 2000/07/12 00:49:40;  author: kris;  state: Exp;  lines: +2 -2
Don't call warn() without a format string.




Adrian

--
Adrian Chadd			"If a butterfly flaps its wings in China,
<adrian@creative.net.au>	    will a woman get naked in Amsterdam?"
				      -- Ashley Penney on Chaos Theory
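
The pattern the two commit log entries above describe (no vfprintf-like call without a constant format string), as an added example that is not part of the original post and is not the FreeBSD pw_util.c code. The helper names report(), report_env_unsafe() and report_env_safe() are hypothetical, the sample value is constructed from the quoted snippet, and the format attribute assumes GCC or Clang.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical vfprintf-like helper (assumption, not FreeBSD's code).
 * The format attribute makes GCC/Clang check every call site, so building
 * with -Wformat -Wformat-security flags a non-literal format string that
 * is passed without arguments. */
__attribute__((format(printf, 3, 4)))
static int report(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

#ifdef SHOW_UNSAFE
/* "Before" form: untrusted text is used as the format itself, so any
 * conversion in it is interpreted. Compiled only on request so the
 * compiler warning can be observed; never called here. */
static int report_env_unsafe(char *out, size_t outlen, const char *value)
{
    return report(out, outlen, value);
}
#endif

/* "After" form: constant format, untrusted text passed as data. */
static int report_env_safe(char *out, size_t outlen, const char *value)
{
    return report(out, outlen, "%s", value);
}

/* Constructed sample modelled on the EDITOR value in the quoted snippet. */
static const char sample_editor[] = "EDITOR=%8x%8x%8x";

int main(void)
{
    char buf[128];
    int n = report_env_safe(buf, sizeof(buf), sample_editor);

    /* The conversions come out literally, unexpanded. */
    printf("%d bytes: %s\n", n, buf);
    return strcmp(buf, sample_editor) != 0;
}
```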
