[17875] in bugtraq
Re: BSDi 3.0/4.0 rcvtty gid=tty exploit... (mh package)
daemon@ATHENA.MIT.EDU (Dan Harkless)
Fri Dec 1 12:44:50 2000
Message-ID: <200012010456.UAA18008@dilvish.speed.net>
Date: Thu, 30 Nov 2000 20:56:35 -0800
Reply-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
From: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Message from Chris Sharp <v9@FAKEHALO.ORG> of "Mon, 27 Nov 2000
03:04:00 GMT." <20001127030400.5970.qmail@securityfocus.com>
Chris Sharp <v9@FAKEHALO.ORG> writes:
> well, i dont know if rcvtty is suppost to be
> setgid in general, since ive never seen it setgid
> on anything but BSDi 3.0 and 4.0. but
> none-the-less, here is a exploit i wrote for it:
In nmh (mh's actively-maintained descendant), at least, rcvtty is not
installed setgid. Not sure if there's a BSD port of nmh that makes it so,
though.
----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraq@dilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
