Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems

From: Borja Marcos (borjamar@sarenet.es)
Date: 04/12/02

Next message: Borja Marcos: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
Previous message: Eric Anderson: "Re: ipfw and samba"
In reply to: Brett Glass: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
Next in thread: Borja Marcos: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
Reply: Borja Marcos: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Borja Marcos <borjamar@sarenet.es>
To: security@freebsd.org
Date: Fri, 12 Apr 2002 21:20:30 +0200

On Friday 12 April 2002 07:58, you wrote:
> That's good to know! It looks as if NetBSD and Darwin have this feature
> as well. But SunOS 5.8 doesn't (at least according to the docs at
> http://www.freebsd.org/cgi/man.cgi?query=mail&apropos=0&sektion=0&manpath=S
>unOS+5.8&format=html), so Solaris may be vulnerable.

I have just tested Solaris 8 and it is not vulnerable. However, this is very
old news. I reported a security hole in SCO Unix to CERT in 1993. I used this
"feature" to modify root's crontab simply running a script which printed "~!
commands" from "at".

An a security problem with reverse fingers and TCP Wrapper (see Wietse
Venema's "Murphy's Laws and Computer Security") exploited exactly the same.
As far as I know, that behavior was removed from mail programs; they only
accept escape sequences (at least the ~!) when running from a terminal.

Borja.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Borja Marcos: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
Previous message: Eric Anderson: "Re: ipfw and samba"
In reply to: Brett Glass: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
Next in thread: Borja Marcos: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
Reply: Borja Marcos: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems
... It looks as if NetBSD and Darwin have this feature ... But SunOS 5.8 doesn't (at least according to the docs at ...
(FreeBSD-Security)
Re: Connection string/Sql Server 2005/Windows authentication/ but not on domain
... Not technically considered a security hole. ... This is a "feature" of the Windows OS. ... But since I have the same users and same passwords on both computers, ...
(microsoft.public.sqlserver.connect)
Re: DRAM data persistence
... This is very correct otherwise there would be a huge security hole. ... Name ONE operating system that does this. ... imaginary OS feature. ... MVS, and I believe any other OS that is B2 rated. ...
(sci.electronics.design)
Re: DRAM data persistence
... Nico Coesel wrote: ... This is very correct otherwise there would be a huge security hole. ... Name ONE operating system that does this. ... imaginary OS feature. ...
(sci.electronics.design)
Re: how to logon to DC
... What OS - NT or Win2K? ... > i know this is a security hole But I want to know how to ... > the 'domain security' feature in there. ... > please help thx ...
(microsoft.public.win2000.security)