[23351] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: UUCP

daemon@ATHENA.MIT.EDU (Bob Howard)
Fri Nov 30 18:16:55 2001

Message-ID: <3C078E21.258BA70A@umich.edu>
Date: Fri, 30 Nov 2001 08:48:17 -0500
From: Bob Howard <reh@umich.edu>
MIME-Version: 1.0
To: Izik <izik@tty64.org>
Cc: vuln-dev@security-focus.com, bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Izik wrote:
> 
> Hello
> 
> i've found buffer overflow in uucp. in BSDi platform
...
> since uucp is by nature suid. and the ownership is by uucp
> i don't see the real profit.

Don't know about BSDi, but on Solaris uucp owns tip, uuencode, uudecode,
and others.  So if I can use this vuln to su uucp, I can trojan e.g.
tip.  Then the next time root runs what he thinks is tip, I've got the
box.

Bob
--
Robert Howard                   University of Michigan
Lead System Administrator       IT Central Services
Strategic Projects Operations


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[23351] in bugtraq

Re: UUCP

daemon@ATHENA.MIT.EDU (Bob Howard)Fri Nov 30 18:16:55 2001

daemon@ATHENA.MIT.EDU (Bob Howard)
Fri Nov 30 18:16:55 2001