[3111] in bugtraq


Re: security limitation for RSAAuthentication with StrictModes

daemon@ATHENA.MIT.EDU (Alan Cox)
Mon Aug 12 12:10:07 1996

Date: 	Mon, 12 Aug 1996 09:47:55 +0100
Reply-To: coxa@cableol.net
From: Alan Cox <coxa@cableol.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>

mhpower@MIT.EDU wrote:

>   Debian Linux, including version 1.1, and specifically including
>   versions 1.1.0-13 and 1.1.0-14 of the "base" package. Check
>   /etc/passwd for:  nobody:*:65534:65534:nobody:/tmp:/bin/sh
>
>   SunOS versions outside of the Solaris 2.x series, including SunOS
>   4.1.4. Check /etc/passwd for:  uucp:*:4:8::/var/spool/uucppublic:

These should also be fixed because there are other tools that don't
check ownership and rules (like fingerd). True, ssh should have
yelled about the problem and refused to log you in; also true, nobody
should have shipped such an elementary mistake.

Alan
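
Added example, not part of the original message: a Python audit of passwd(5) entries like the two quoted above, flagging accounts whose home directory is not owned by the account or root, or is writable by group or others. Those two conditions are an assumption about what a StrictModes-style check looks at; SAMPLE_PASSWD, the alice entry and the function names are constructed for illustration.

```python
import os
import stat

# Constructed sample in passwd(5) format. The first two entries are the
# ones quoted in the message; "alice" is made up as a healthy baseline.
SAMPLE_PASSWD = """\
nobody:*:65534:65534:nobody:/tmp:/bin/sh
uucp:*:4:8::/var/spool/uucppublic:
alice:*:1000:1000:Alice:/home/alice:/bin/sh
"""

def parse_passwd(text):
    """Yield (name, uid, home) for each well-formed passwd line."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # malformed entry, skip rather than guess
        yield fields[0], int(fields[2]), fields[5]

def audit_homes(passwd_text, stat_fn=os.stat):
    """Return [(name, home, reason)] for homes other users could write into.

    stat_fn is injectable so the check can be exercised without touching
    the real filesystem (assumption of this example, not a tool option).
    """
    findings = []
    for name, uid, home in parse_passwd(passwd_text):
        try:
            st = stat_fn(home)
        except OSError:
            continue  # home directory missing: not covered by this check
        if st.st_uid not in (uid, 0):
            findings.append((name, home, "owned by uid %d" % st.st_uid))
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, home, "group/world-writable"))
    return findings

if __name__ == "__main__":
    with open("/etc/passwd") as fh:
        for finding in audit_homes(fh.read()):
            print("%s: home %s is %s" % finding)
```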
