[22705] in bugtraq
Re: Question about Local vulnerability in libutil derived with FreeBSD.
daemon@ATHENA.MIT.EDU (Seth Arnold)
Fri Sep 21 14:31:25 2001
Date: Fri, 21 Sep 2001 09:45:52 -0700
From: Seth Arnold <sarnold@wirex.com>
To: Rumen Telbizov <altares@einet.bg>
Cc: bugtraq@securityfocus.com
Message-ID: <20010921094551.C30987@wirex.com>
Mail-Followup-To: Rumen Telbizov <altares@einet.bg>,
bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <001f01c14280$28b5ba50$6e00a8c0@altares>; from altares@einet.bg on Fri, Sep 21, 2001 at 12:31:12PM +0300

On Fri, Sep 21, 2001 at 12:31:12PM +0300, Rumen Telbizov wrote:
> I tried the above vulnerability on 2 FreeBSD 4.3-RELEASE
> boxes and it worked out! I tried this on one Linux RH6.2 box
> with OpenSSH installed on it and it DID NOT work.

This latest vulnerability is specific to systems that have implemented
the BSD authentication class scheme. So, as far as I know, the only
systems that could be vulnerable to this particular problem are BSDi,
FreeBSD, OpenBSD, and possibly NetBSD.[1] So far, there have been
confirmations of FreeBSD vulnerability, a compellingly good description
of why OpenBSD is not vulnerable, and (as far as I remember) no feedback
from BSDi or NetBSD.

Until Linux distributors start shipping BSD authentication support,
Linux users ought to remain pretty safe from this problem.

(With the exception of BSDi, I doubt any other commercial unix-like or
unix vendors ship the BSD authentication stuff. As always, ask your
vendor for details. :)

Cheers! :)

[1]: My apologies to our NetBSD friends; I promise I'll give NetBSD a
test drive someday. :)