[19225] in bugtraq
Re: vixie cron possible local root compromise
daemon@ATHENA.MIT.EDU (Arthur Clune)
Thu Feb 15 14:55:00 2001
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.SGI.4.31.0102141708560.383364-100000@tardis.york.ac.uk>
Date: Wed, 14 Feb 2001 17:12:04 +0000
Reply-To: Arthur Clune <arthur@CLUNE.ORG>
From: Arthur Clune <arthur@CLUNE.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010214122114.A3479@hq.alert.sk>

On Wed, 14 Feb 2001, Robert Varga wrote:
> On Mon, Feb 12, 2001 at 03:46:20PM -0800, Blake R. Swopes wrote:
> > Considering what overflows the buffer (your username), it would seem that
> > you'd need root access to begin with in order to craft an exploit. Am I
> > wrong?
>
> Well this could be used to gain root privileges on free shell-account
> servers, which don't do the proper bounds checking and the registration
> process is fully automated...

Many large sites allow front-line staff to add users/reset
passwords/create temp accounts via suid apps (often written in-house). If
this overflow is exploitable then it's possible that it would let
such staff gain root where they didn't have it before.

Arthur
--
Arthur Clune
"You have none. Get over it". Scott McNealy on on-line privacy
PGP Public Key - http://www.clune.org/pubkey.txt