[16439] in bugtraq
Re: Advisory: mgetty local compromise
daemon@ATHENA.MIT.EDU (Chris L. Mason)
Wed Aug 30 15:06:21 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <20000829155810.A27454@unixzone.com>
Date: Tue, 29 Aug 2000 15:58:11 -0400
Reply-To: "Chris L. Mason" <cmason@UNIXZONE.COM>
From: "Chris L. Mason" <cmason@UNIXZONE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <4.3.1.2.20000826015347.00b8e220@pop.crosswinds.net>; from
satan@FASTDIAL.NET on Sat, Aug 26, 2000 at 02:23:05AM -0400
On Sat, Aug 26, 2000 at 02:23:05AM -0400, Stan Bubrouski wrote:
...
>
> Believed to be vulnerable:
>
...
> OpenBSD 2.7? (mgetty is included in ports packages)
Looks like someone else realized this at least a couple weeks ago.
$ make
===> mgetty-1.1.21 is marked as broken: insecure tempfile handling: can
overwrite any file on the system.
The cvs log shows:
----------------------------
revision 1.17
date: 2000/08/15 19:38:18; author: brad; state: Exp; lines: +2 -2
even better reason why this should be marked BROKEN,
insecure tempfile handling: can overwrite any file on the system
----------------------------
I'm sure this will be updated to 1.1.22 after an audit is done. :)
Chris
