[15075] in bugtraq
Re: kscd vulnerability
daemon@ATHENA.MIT.EDU (Katherine M. Moussouris)
Fri May 26 15:08:52 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.20.0005252254070.28387-100000@qubit.dev.us.tlan>
Date: Thu, 25 May 2000 23:50:35 -0700
Reply-To: "Katherine M. Moussouris" <k8e@TURBOLINUX.COM>
From: "Katherine M. Moussouris" <k8e@TURBOLINUX.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.3.96.1000525104753.621A-100000@ati10.cs.uni-potsdam.de>
On Thu, 25 May 2000, Sebastian wrote:
> On Wed, 24 May 2000, Matt Wilson wrote:
>
> > Red Hat Linux does not ship kscd setuid.
> >
> > Matt
> I never said so.
> I said it comes _setgid_ disk. I never wrote about RedHat
> even. Exploit was tested under SuSE 6.4 only.
Sebastian's exploit does NOT work against TurboLinux versions 6.0.4 and
earlier.
According to the comments in his perl script "7350kscd," an affected
system has kscd setgid disk. TurboLinux, by default, does NOT do this.
-k8e
>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<
Katie Moussouris Software Engineer
k8e@turbolinux.com Security Tzarina
(650)228-5000 TurboLinux, Inc.