[17626] in bugtraq
Re: numerous free/paid account systems are vulnerable to
daemon@ATHENA.MIT.EDU (Pavel Korovin)
Mon Nov 13 12:06:10 2000
Mail-Followup-To: bugtraq <bugtraq@securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <20001112220636.A8975@tsinet.ru>
Date: Sun, 12 Nov 2000 22:06:37 +0300
Reply-To: Pavel Korovin <pvk@TSINET.RU>
From: Pavel Korovin <pvk@TSINET.RU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.21.0011110014570.30343-100000@dione.ids.pl>; from
lcamtuf@DIONE.IDS.PL on Sat, Nov 11, 2000 at 12:23:39AM +0100
Michal Zalewski (lcamtuf@DIONE.IDS.PL) wrote:
>
> Mkey. During futher investigations I've found recent RH releases (6.2 and
> 7.0) seems to be not affected by this problem. But, as numerous systems
> are still based on older releases, and there were no security advisories
> on this silently fixed problem, shadow-utils might be still used in
> previous versions. I am, in fact, still using the old package, and haven't
> checked for the updates (sorry). This does not change the fact numerous
> systems are vulnerable.
>
> - Debian 2.2 - not vulnerable
> - RedHat below 6.2 - vulnerable
> - RedHat 6.2, 7.0 - not vulnerable
> - Cobalt Linux - vulnerable
> - other distros? I would suspect Corel Linux, SuSE, Mandrake...
> - OpenBSD - seems to be vulnerable, no details
>
> Yes, recent installations might be not vulnerable. Distros with RH-alike
> shadow-utils configuration and without the patch mentioned here by
> Bernhard Rosenkraenzer, are vulnerable. Other systems, like OpenBSD, might
> allow such attacks.
OpenBSD useradd(8) utility is not affected.
adduser(8) is affected, but I think this is sysadmin's deal not be cought
in such trap.
--
Pavel Korovin
SMTP: pvk@tsinet.ru
