[22712] in bugtraq
Re: Question about Local vulnerability in libutil derived with FreeBSD.
daemon@ATHENA.MIT.EDU (Clifton Royston)
Sat Sep 22 18:24:43 2001
Date: Fri, 21 Sep 2001 08:53:06 -1000
From: Clifton Royston <cliftonr@lava.net>
To: Rumen Telbizov <altares@einet.bg>, bugtraq@securityfocus.com
Message-ID: <20010921085306.B17822@lava.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20010921094551.C30987@wirex.com>; from sarnold@wirex.com on Fri, Sep 21, 2001 at 09:45:52AM -0700
On Fri, Sep 21, 2001 at 09:45:52AM -0700, Seth Arnold wrote:
> On Fri, Sep 21, 2001 at 12:31:12PM +0300, Rumen Telbizov wrote:
> > I tried the above vunlarability on 2 FreeBSD 4.3-RELEASE
> > boxes and it worked out! I tried this on one Linux RH6.2 box
> > with OpenSSH installed on it and it DID NOT work.
>
> This latest vulnerability is specific to systems that have implemented
> the BSD authentication class scheme. So, as far as I know, the only
> systems that could be vulnerable to this particular problem are BSDi,
> FreeBSD, OpenBSD, and possibly NetBSD.[1] So far, there have been
> confirmations of FreeBSD vulnerability, a compellingly good description
> of why OpenBSD is not vulnerable, and (as far as I remember) no feedback
> from BSDi or NetBSD.
According to its documentation BSD/OS (BSDi) only supports the primary
/etc/login.conf, and does not support the user-level ~/login.conf
construct, as of BSD/OS 4.1 (haven't checked 4.2 yet). This seems to
render the whole issue irrelevant for BSD/OS.
I've tested and confirmed this on one BSD/OS 4.1 system. Unless my
test is incorrect, it doesn't appear I can override or set anything at
all from ~/login.conf.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- cliftonr@lava.net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau
