[16459] in bugtraq
Re: Advisory: mgetty local compromise
daemon@ATHENA.MIT.EDU (Cy Schubert - ITSD Open Systems Gr)
Thu Aug 31 05:09:11 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <200008302008.e7UK8o702627@cwsys.cwsent.com>
Date: Wed, 30 Aug 2000 13:08:05 -0700
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@UUMAIL.GOV.BC.CA>
X-To: "Chris L. Mason" <cmason@UNIXZONE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Tue, 29 Aug 2000 15:58:11 EDT."
<20000829155810.A27454@unixzone.com>
In message <20000829155810.A27454@unixzone.com>, "Chris L. Mason"
writes:
> On Sat, Aug 26, 2000 at 02:23:05AM -0400, Stan Bubrouski wrote:
> ...
> >
> > Believed to be vulnerable:
> >
> ...
> > OpenBSD 2.7? (mgetty is included in ports packages)
>
>
> Looks like someone else realized this at least a couple weeks ago.
>
> $ make
> ===> mgetty-1.1.21 is marked as broken: insecure tempfile handling: can
> overwrite any file on the system.
>
> The cvs log shows:
>
> ----------------------------
> revision 1.17
> date: 2000/08/15 19:38:18; author: brad; state: Exp; lines: +2 -2
> even better reason why this should be marked BROKEN,
> insecure tempfile handling: can overwrite any file on the system
> ----------------------------
>
> I'm sure this will be updated to 1.1.22 after an audit is done. :)
FreeBSD realised this about 2 months ago, apparently after it was
discussed here on BUGTRAQ.
http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/comms/mgetty%2bsendfax/Makef
ile
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
