[15483] in bugtraq
Re: [Stan Bubrouski : Re: rh 6.2 -
daemon@ATHENA.MIT.EDU (Stan Bubrouski)
Mon Jun 26 16:18:53 2000
Message-Id: <20000624210912.21243.qmail@securityfocus.com>
Date: Sat, 24 Jun 2000 21:09:12 -0000
Reply-To: Stan Bubrouski <satan@FASTDIAL.NET>
From: Stan Bubrouski <satan@FASTDIAL.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <CMM.0.90.4.961875665.fdc@watsun.cc.columbia.edu>
>In any case, even with a successful buffer exploit that
>executes its own set[ug]id() call, the most to be gained is
>access to the dialout device and lockfile directory, which
>is not exactly a Chernobyl-class catastrophe.
Yeah, but that's not considering that commands sent to
C-Kermit in server mode could allow someone on the other
end to exploit a buffer and gain access to the uid which
is running C-Kermit. Otherwise you're pretty much right,
though if someone were able to gain gid uucp on a system
that relied on uucp to handle services like mail or news,
then they would have access to the uucp passwd file, which
is of course not very desirable by any means.
-Stan