[17627] in bugtraq

Re: numerous free/paid account systems are vulnerable to

daemon@ATHENA.MIT.EDU (Michal Zalewski)
Mon Nov 13 12:21:04 2000

MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.LNX.4.21.0011131039280.31869-100000@dione.ids.pl>
Date:         Mon, 13 Nov 2000 10:44:01 +0100
Reply-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
From: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
X-To:         Jeff Bachtel <sebastion@irelandmail.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20001112205306.U5027@cepheid.nu>

On Sun, 12 Nov 2000, Jeff Bachtel wrote:

> Starting off with this, I know of no distribution (of OpenBSD, of
> RedHat, of Debian etc.) that has any sort of automatic account
> generation built in.

That's why I am not saying this vulnerability is a problem of a specific
distribution, but of numerous account creation utils - this problem
seems to be generic, you could use any search engine to locate dozens of
adduser.cgi, adduser.pl and similar scripts invoking system utilities.

_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
