Re: Fwd: Multiple vendor 'Taylor UUCP' problems.

From: Todd C. Miller (Todd.Miller@courtesan.com)
Date: 09/09/01

• Next message: Jordan Hubbard: "Re: Fwd: Multiple vendor 'Taylor UUCP' problems."
• Previous message: Mike Tancsa: "Re: Fwd: Multiple vendor 'Taylor UUCP' problems."
• In reply to: Kris Kennaway: "Re: Fwd: Multiple vendor 'Taylor UUCP' problems."
• Next in thread: Andrey A. Chernov: "Re: Fwd: Multiple vendor 'Taylor UUCP' problems."
• Reply: Andrey A. Chernov: "Re: Fwd: Multiple vendor 'Taylor UUCP' problems."
• Reply: Kris Kennaway: "Re: Fwd: Multiple vendor 'Taylor UUCP' problems."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

To: Kris Kennaway <kris@obsecurity.org>
Date: Sat, 08 Sep 2001 19:20:56 -0600
From: "Todd C. Miller" <Todd.Miller@courtesan.com>

In message <20010908180848.A94567@xor.obsecurity.org>
        so spake Kris Kennaway (kris):

> The vulnerability involves uucp being made to run arbitrary commands
> as the uucp user through specifying a custom configuration file - see
> bugtraq. There may be other problems resulting from user-specified
> configuration files. I don't have time to go through the code and fix
> up the revocation of privileges right now..in the meantime, this
> prevents the root exploit where a user replaces a uucp-owned binary
> like uustat, which is called daily by /etc/periodic.

Is there really any reason to run uustat as root? Why not just run
it as user uucp via su? For that matter, running non-root owned
executables from daily seems like a really bad idea.

 - todd

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Jordan Hubbard: "Re: Fwd: Multiple vendor 'Taylor UUCP' problems."
• Previous message: Mike Tancsa: "Re: Fwd: Multiple vendor 'Taylor UUCP' problems."
• In reply to: Kris Kennaway: "Re: Fwd: Multiple vendor 'Taylor UUCP' problems."
• Next in thread: Andrey A. Chernov: "Re: Fwd: Multiple vendor 'Taylor UUCP' problems."
• Reply: Andrey A. Chernov: "Re: Fwd: Multiple vendor 'Taylor UUCP' problems."
• Reply: Kris Kennaway: "Re: Fwd: Multiple vendor 'Taylor UUCP' problems."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Fwd: Multiple vendor Taylor UUCP problems. ... >> The vulnerability involves uucp being made to run arbitrary commands ... >> as the uucp user through specifying a custom configuration file - see ... (FreeBSD-Security) Re: Fwd: Multiple vendor Taylor UUCP problems. ... > uucp binaries in question. ... uustat is executed by default by root in ... uustat must be executed by 'su -m uucp' in any case. ... (FreeBSD-Security) Re: Fwd: Multiple vendor Taylor UUCP problems. ... >> as the uucp user through specifying a custom configuration file - see ... >> prevents the root exploit where a user replaces a uucp-owned binary ... There is no needs to deal with privileges revocation at all if ... (FreeBSD-Security) Re: Fwd: Multiple vendor Taylor UUCP problems. ... > as the uucp user through specifying a custom configuration file - see ... It's not clear how you would fix revocation of privileges on this ... (FreeBSD-Security) Redhat 7.0 local root (via uucp) (attempt 2) ... Redhat 7.0 local root ... An earlier versionof makewhatis had a fault in the handling of ... compressed files that allowed execution of arbitrary commands as root. ... Taylor UUCP package and uucp exploit. ... (Bugtraq)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2001-09