[20202] in bugtraq
mkpasswd: acutally its worse than just not many passwords
daemon@ATHENA.MIT.EDU (zenith parsec)
Fri Apr 13 12:38:32 2001
Message-ID: <20010413052942.1600.qmail@fiver.freemessage.com>
Date: Fri, 13 Apr 2001 05:29:42 -0000
Reply-To: zenith parsec <zenith_parsec@THE-ASTRONAUT.COM>
From: zenith parsec <zenith_parsec@THE-ASTRONAUT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
due to a fault in expect (the interpreter that runs the mkpasswd script) it is trivially easy to cause arbitrary commands to be executed by someone else.
(under RH7.0 anyway)
the search path for libs for it includes /var/tmp/
check out
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224
for details, and
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187
for an exploit. (Although the 1st is marked as a duplicate of the 2nd, as one of the notes mentions they cover completely different areas. Also note that the severity ratings of both of them are blank? Fjeer)
--zen-parse
*********************
**more to come soon**
*********************
Fix is kinda available.
Sign up for your FREE E-MAIL account @ Dynamitemail:
http://www.dynamitemail.com
