[2950] in bugtraq
[linux-security] sliplogin (fwd)
daemon@ATHENA.MIT.EDU (Paul Danckaert)
Tue Jul 16 20:39:50 1996
Date: Tue, 16 Jul 1996 19:21:46 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Paul Danckaert <pauld@umbc.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Interesting. The code is the same on FreeBSD, it looks like. However, on
the default distributed system, there isn't a /etc/sliphome directory,
which is necessary for sliplogin to startup correctly. Therefore the
standard FreeBSD distribution dies out before it gets anywhere near the
system command. If you do run slip off of your system however, its much
more possible that bad things can happen..
paul
---------- Forwarded message ----------
Date: Tue, 16 Jul 1996 15:27:19 -0500
From: David Holland <dholland@hcs.HARVARD.EDU>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Subject: [linux-security] sliplogin
Anyone running a version of sliplogin older than sliplogin-2.1.0
(which can be gotten from sunsite.unc.edu:/pub/Linux/system/Network/serial
or ftp.uk.linux.org:/pub/linux/Networking/transports) should remove it
or upgrade it immediately.
It does
setuid(0);
if (s = system(logincmd)) {
:
}
without clearing the environment first. Therefore, anybody can get
root trivially.
The sliplogin from NetKit-B-0.06 is affected.
Current RedHat sliplogin is not affected.
Others I don't know about.
--
- David A. Holland | Number of words in the English language that
dholland@hcs.harvard.edu | exist because of typos or misreadings: 381
