[1999] in bugtraq
Re: Exploit for Linux wu.ftpd hole
daemon@ATHENA.MIT.EDU (Michael Shields)
Fri Jul 7 22:25:47 1995
Date: Thu, 6 Jul 1995 23:33:54 +0000
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Michael Shields <shields@tembel.org>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <Pine.LNX.3.91.950705175939.1572B-100000@phoenix.org> from "Mike
Edulla" at 1995-07-05 18:06:10
> minicom has a known, but not very well-known hole in it that is nearly
> identical to the wu-ftp hole. If you are a legitimate user of a pre 1.71
> version of minicom, you can get root,
What is minicom doing as root? It should be setgid dialout.
Is Slackware really doing that?
> There also apepars to be a bug in syslog. If you do something like:
>
> grep -v "ROOT" messages > mmm; mv mmm messages
This isn't a security hole since users shouldn't be able to write to
/var/log/messages.
> Logging is disabled, I suspect this problem is that the file pointer
> maintained by syslog is getting ahead of the physical EOF, and thus
> writes will fail, but this is just a guess, and I havent looked at the
> source to linux's syslog.
When you move something on top of messages, messages is unlinked.
The file is still open, but no longer accessible through the directory
structure.
--
Shields.
