[17606] in bugtraq
Re: numerous free/paid account systems are vulnerable to
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Sun Nov 12 14:04:30 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.21.0011110014570.30343-100000@dione.ids.pl>
Date: Sat, 11 Nov 2000 00:23:39 +0100
Reply-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
From: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
X-To: Alexander Schreiber
<alexander.schreiber@informatik.tu-chemnitz.de>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.GSO.4.21.0011102356580.19043-100000@sparta.informatik.tu-chemnitz.de>

On Sat, 11 Nov 2000, Alexander Schreiber wrote:
> Debian 2.2 (potato) default install checks for this:

Mkey. During further investigations I've found that recent RH releases (6.2
and 7.0) seem not to be affected by this problem. But, as numerous systems
are still based on older releases, and there were no security advisories
on this silently fixed problem, shadow-utils might still be used in
previous versions. I am, in fact, still using the old package, and haven't
checked for the updates (sorry). This does not change the fact that numerous
systems are vulnerable.

- Debian 2.2 - not vulnerable
- RedHat below 6.2 - vulnerable
- RedHat 6.2, 7.0 - not vulnerable
- Cobalt Linux - vulnerable
- other distros? I would suspect Corel Linux, SuSE, Mandrake...
- OpenBSD - seems to be vulnerable, no details

Yes, recent installations might not be vulnerable. Distros with RH-alike
shadow-utils configuration and without the patch mentioned here by
Bernhard Rosenkraenzer are vulnerable. Other systems, like OpenBSD, might
allow such attacks.

_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=