[7555] in bugtraq
Re: irix-6.2 "at -f" vulnerability
daemon@ATHENA.MIT.EDU (Klaus)
Fri Aug 7 15:30:36 1998
Date: Thu, 6 Aug 1998 14:24:56 -0400
Reply-To: Klaus <klaus@imprint.uwaterloo.ca>
From: Klaus <klaus@IMPRINT.UWATERLOO.CA>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <11CA37F36CB@csd.inp.nsk.su>
> > -------
> > Subject: irix-6.2 "at -f" vulnerability
> >
> > The irix-6.2 "at -f" vulnerability was mentioned on BUGTRAQ a while back. [1]
> > Unfortunately SGI has not issued an advisory on this, nor does it appear
> > in their security patches list at www.sgi.com as of Aug 4, although a
> > patch *has* been made available.
> >
> > The patch number is 3184 and those with SGI Surfzone IDs can get it
> > by searching for "3184" at SGI's web site. The top-level description
> > says it is for 6.4, but the patch README mentions 6.2 bugs which are
> > patched.
>
> Irix 6.5 (6.5-BETA-1274425944) is also vulnerable.
> "at -f /etc/shadow now + 1 minute" gently mails you the encrypted passwords.
>
The 6.2 version is obliging enough to do the same; and "at -f" will cause
a segv (no core) as a regular user, and a coredump as root.
About the 6.4 patch (number 3184) - swmgr complains about its current
version being too old to handle the patch set; i haven't tried using inst,
but i expect the same problem. has anyone else managed to circumvent this
issue, and if so, how?
thanks,
Klaus
--
TODO:
1) learn how to use my new Unix account.
2) learn how to change this list.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzWQQ7QAAAEEALulvoUfgDSsm9FkcznQ4z4EZrjBlPPcNqLm9HKD2QSEcJKU
7ewiIVKEPkQc0PLRlsedwv8VN4TruzNhsIigHmRkBoyb4UYLIVRDXqirhJmsvkaW
f0/ahkd+sy35AAiWi8xu0tSISbd8P5sHr5l+1tJH2Z/mQ8OkZBfiXzM9H40RAAUT
tA9LbGF1cyBQLiBTdGVkZW6JAJUDBRA1kEkoF+JfMz0fjREBAVIeBACnEmwA+sLS
RmWadyEtI9vL9FT+qv6o77sm0AptBy+ZAnCK20V1TyjwyTs1nHSkfWJxABx9zWUH
DtMN3vZ/2Q/mnYDUcJEwH/p2e29ETYA7ss/eRBOW4DQ226uYN2R2HTtFB8ZhWS4a
1UovSLmVDsk0FX5q7DXkGToVRl/u9boK4Q==
=KfVd
-----END PGP PUBLIC KEY BLOCK-----
