[22696] in bugtraq

Re: Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)

daemon@ATHENA.MIT.EDU (David Terrell)
Thu Sep 20 18:09:52 2001

Date: Thu, 20 Sep 2001 14:59:39 -0700
From: David Terrell <dbt@meat.net>
To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
Cc: bugtraq@securityfocus.com
Message-ID: <20010920145939.A7143@pianosa.catch22.org>
Reply-To: David Terrell <dbt@meat.net>
Mail-Followup-To: David Terrell <dbt@meat.net>,
	Przemyslaw Frasunek <venglin@freebsd.lublin.pl>,
	bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <007b01c1420d$3ca92290$2001a8c0@clitoris>; from venglin@freebsd.lublin.pl on Thu, Sep 20, 2001 at 09:48:34PM +0200

On Thu, Sep 20, 2001 at 09:48:34PM +0200, Przemyslaw Frasunek wrote:
> [snip]
> in session.c, which allows reading ANY file in the system with superuser
> privileges, by defining:
> 
> default:\
>  :copyright=/etc/master.passwd:
> or
>  :welcome=/etc/master.passwd:
> in user's ~/.login_conf.
> 
> [snip telnetd/login]
> default:\
>  :nologin=/etc/master.passwd:
> 
> [blah blah FreeBSD core]
> 
> Official advisory is pending. It's possible that other *BSD systems
> supporting the login capability database are also vulnerable.

I can't duplicate either of these with OpenBSD 2.9.

-- 
David Terrell            | "My question is, if a mime types, isn't 
dbt@meat.net             |  that kinda cheating?"
http://wwn.nebcorp.com/  |    - Jason Zych
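
Added example, not part of the original messages: a defender-side audit that parses the text of a user's ~/.login_conf and reports the three file-path capabilities named in the quoted report (copyright, welcome, nologin). The function names and the sample input are constructed for illustration, and the parser assumes a simplified capability syntax without escaped colons.

```python
import re

# Capabilities named in the quoted report; each takes a file path whose
# contents are shown to the user at login.
FILE_CAPS = {"copyright", "welcome", "nologin"}

def parse_login_conf(text):
    """Parse login.conf-style records into {class_name: {capability: value}}."""
    # Join lines continued with a trailing backslash.
    joined = re.sub(r"\\\n[ \t]*", "", text)
    records = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        caps = {}
        for field in fields[1:]:
            if not field:
                continue
            key, sep, value = field.partition("=")
            caps[key] = value if sep else True  # boolean capability
        for name in fields[0].split("|"):      # a record may carry aliases
            records[name] = caps
    return records

def audit_login_conf(text):
    """Return (class, capability, path) for each file-path capability set.

    Any hit in a user-writable file deserves review: the path is chosen by
    the user, and even a path inside the home directory can be a symlink.
    """
    findings = []
    for cls, caps in parse_login_conf(text).items():
        for cap in sorted(FILE_CAPS & caps.keys()):
            if isinstance(caps[cap], str):
                findings.append((cls, cap, caps[cap]))
    return findings

# Constructed sample modelled on the entries quoted in the message above.
SAMPLE = (
    "# constructed ~/.login_conf\n"
    "default:\\\n"
    "\t:copyright=/etc/master.passwd:\\\n"
    "\t:lang=en_US.ISO8859-1:\n"
)

if __name__ == "__main__":
    for cls, cap, path in audit_login_conf(SAMPLE):
        print(f"class {cls}: {cap} -> {path}")
```
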