[36359] in bugtraq
Re: Linux OpenExchange - cleartext rootpw in swap
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Sep 2 14:50:30 2004
Message-Id: <200409021724.i82HOXhb005932@turing-police.cc.vt.edu>
To: Rainer Duffner <rainer@ultra-secure.de>
Cc: Rene <l0om@excluded.org>, bugtraq@securityfocus.com
In-Reply-To: Your message of "Tue, 31 Aug 2004 20:48:50 +0200."
<26305.84.128.64.126.1093978130.squirrel@84.128.64.126>
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_616922166P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Thu, 02 Sep 2004 13:24:33 -0400
--==_Exmh_616922166P
Content-Type: text/plain; charset=us-ascii
On Tue, 31 Aug 2004 20:48:50 +0200, Rainer Duffner said:
> It would be bad, if a non-priviledged user had access to the swap-partition.
> On the two SLOXs I have access to, the swap-partition is only
> group-readable by the "disk" group.
At which point, if you can get access to group "disk", you have probably 0wned
the box completely. So there *is* a privilege escalation issue there.....
--==_Exmh_616922166P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFBN1dRcC3lWbTT17ARAoQPAKC7CiWYpGj7Faqg6K24ovOuK8JpMACgl5NW
Fp4YWbAbtqhZoAv64N0jVwU=
=cB1Z
-----END PGP SIGNATURE-----
--==_Exmh_616922166P--
