[41491] in bugtraq

home help back first fref pref prev next nref lref last post

QNX 4.25 suided dhcp.client binary

daemon@ATHENA.MIT.EDU (lms@fe.up.pt)
Sat Dec 3 15:43:13 2005

Message-ID: <20051203173339.scxughxz40gogc0w@webmail.fe.up.pt>
Date: Sat, 03 Dec 2005 17:33:39 +0000
From: lms@fe.up.pt
To: bugtraq@securityfocus.com, Vuln@frsirt.com,
        full-disclosure@lists.grok.org.uk
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="=_5uwfvth8r6sk"
Content-Transfer-Encoding: 7bit

This message is in MIME format.

--=_5uwfvth8r6sk
Content-Type: text/plain;
	charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello all,

I recently got a QNX 4.25 vmware image and i found that the dhcp.client shi=
pped
with it is suided.

This obviously enables a normal user to control the NIC's configuration and
produce some other attacks (eg: if the system has some services which depen=
d on
'host/ip based' authentication [NFS,NIS,rlogin, etc]).

Some vmware screenshots are available at:
http://lms.ispgaya.pt/goodies/qnx/

I havent got access to other QNX installations so, allthough the person who=
 gave
me the image said the binary wasnt changed, can anybody else confirm this?

Best regards,
+---------------------------------
| Lu=EDs Miguel Ferreira da Silva
| Unidade de Qualidade e Seguran=E7a
| Centro de Inform=E1tica
| Professor Correia Ara=FAjo
| Faculdade de Engenharia da
| Universidade do Porto
--=_5uwfvth8r6sk
Content-Type: application/pgp-keys
Content-Description: PGP Public Key
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.7 (GNU/Linux)

mQGiBEJ54SIRBADAP8EoAbhyKi2KL6uBEELULwp5ZzzpZAw8WsZM8mcO8oR1Nil4
mRR4JChbGz/wYSkbohT+aQa/Y+0+7kvxrDOyGp09uYL/BJn2FaM3sIgiymMsQtws
B6V3CJvy3/Zu0zv/mbFvAdQ8xvXI5OVxCrp+0TDtjX6wMew15/b6WW80swCgof0f
hiDPYobvBQ7hxCLx+4Do7v0EAIlujL3WKdw6tPcETXS3f98aidJc6xW6WmkoHjAD
S46blE42n6FQMAzlNZhEtPIMbprvG11n9otIm8wp3l8TR+JcyIQYPcs49ANqGkPn
LkaFTn5wksgRmviNjF2DjCJ0ZGoU9Q63ABVeOhKyxB45g+1CPr5dVLZiUTb3ow1/
3ZIwA/49D7LQofEfCLrVpylmvcdy5aB0N5KdsRprlL2BVnrs64Wzg3NOYe5VUgx5
ijX1bSUtygb5If3ZyS4Bhg5M9qQ9qaowLBQCwz8DXC7uziCMFmK9bTk65S82EjLa
mEZtGpAIMsoLl5XH7HQuIan08Bsj0izjS6VCSjhh/FGifmeTKrQWQ1NJUlQgPGNz
aXJ0QGZlLnVwLnB0PohbBBMRAgAbBQJCeeEiBgsJCAcDAgMVAgMDFgIBAh4BAheA
AAoJEAgMJjFz7arDguEAn0nxaAN79mFWG3DsoSlsvFDFbhtNAKCbhwj8q1wuRPq+
uvOP5tPoEPgY6rkCDQRCeeE2EAgAsDmqBdsgpuhl1bqTnaQXi3RyVZAmlGygD2mL
0nFmQ2RKvzr0XnwVMYdaWe7A0PoeopMnBERHuSOQ63Rwlj3UmfD5EjTeVjls1RvK
kM/cwaI7WO0Q/UY1hEufuq5v47HnWAxPThRmk0HH5JuwD/6T5xV1HCjPzCtqMyWN
XbkICUoBl4bL07y5zxCRv2+MicMZ1RJtqcLLzy7arNkXT5B2FzZ639NXw4+b8taT
FKaTPaM0EIZASdmPiSbJDHShJU1dxgLD4GfKUZnm+aMZfzeYtdScTXfnENBZQ2Wq
H4h7cSFyrcLgKhJhc1OYQN9r11pwC+J2/v3CFqwciK6D5wLeCwADBgf/R4h04HFT
VQCwwUoMFcVVh5IGneEZ69YUz32A7pdsY66PZwYFVMdRPYyYvnSJWOoWaWnbTAB+
fFk6zXIJ9Pkg7uYvcGylQyR7kNkPNG50WNgv185V7+0z8qR3NtQGDsrVs6KtGRdd
iLx+PjJrxNfPJ4o9tU6Il1Fy2bRwofbQB2s2Z3D22lEnRN9za1qDaqrTQJ0O0WqS
3PTZWgS0F3vKBC4zoBt/SNLPet/Ir0St0Bj/DOafC1jdsTOxTOFemSUXyNaALIqR
Fiu7TsJolxfP0g7LEFKdlb5kI+9W8ygZynqZJ4wLkW/U/hwQ8qen/pdEEA4+fR+v
1gvi2D1geoMrPYhGBBgRAgAGBQJCeeE2AAoJEAgMJjFz7arD9+EAn3LiGxtXm7uz
eH5AmShOriB3wtH6AJwOyQjQj2j4ztKzBPPM70rMtn8NPA==
=xFjz
-----END PGP PUBLIC KEY BLOCK-----

--=_5uwfvth8r6sk--
home help back first fref pref prev next nref lref last post