Re: Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)
From: David Terrell (dbt@meat.net)
Date: 09/20/01
Date: Thu, 20 Sep 2001 14:59:39 -0700
From: David Terrell <dbt@meat.net>
To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
Subject: Re: Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)
Message-ID: <20010920145939.A7143@pianosa.catch22.org>

On Thu, Sep 20, 2001 at 09:48:34PM +0200, Przemyslaw Frasunek wrote:
> [snip]
> in session.c, which allows to read ANY file in system with superuser
> privileges, by defining:
>
> default:\
> :copyright=/etc/master.passwd:
> or
> :welcome=/etc/master.passwd:
> in user's ~/.login_conf.
>
> [snip telnetd/login]
> default:\
> :nologin=/etc/master.passwd:
>
> [blah blah FreeBSD core]
>
> Official advisory is pending. It's possible, that other *BSD systems,
> supporting login capability database are also vulnerable.
I can't duplicate either of these with OpenBSD 2.9.
-- 
David Terrell           | "My question is, if a mime types, isn't
dbt@meat.net            | that kinda cheating?"
http://wwn.nebcorp.com/ | - Jason Zych
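
An audit check for the condition described in the quoted report, as an added example that is not part of the original thread: it parses login.conf-style text and reports any `copyright`, `welcome` or `nologin` capability that names a file. The function names and the sample record are constructed for illustration, and the parser assumes only the basic record syntax (no escaped colons, no `tc=` includes).

```python
import re

# Capabilities named in the quoted report whose value is a file path
FILE_CAPS = {"copyright", "welcome", "nologin"}

# Constructed sample of a per-user ~/.login_conf (not taken from a real system)
SAMPLE = """# constructed sample
default:\\
\t:copyright=/etc/master.passwd:\\
\t:lang=en_US.ISO8859-1:
"""

def parse_login_conf(text):
    """Parse termcap-style login.conf text into {record_name: {cap: value}}."""
    # Drop comment lines, then join backslash-continued lines into one record.
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    joined = re.sub(r"\\[ \t]*\n[ \t]*", "", "\n".join(lines))
    records = {}
    for line in joined.splitlines():
        fields = [f.strip() for f in line.split(":")]
        if not fields[0]:
            continue  # blank line or malformed record without a name
        caps = {}
        for field in fields[1:]:
            if field:
                key, sep, value = field.partition("=")
                caps[key] = value if sep else True  # bare name = boolean cap
        for name in fields[0].split("|"):  # a record may list several names
            records[name] = caps
    return records

def find_file_caps(text):
    """Return (record, capability, path) for each file-valued capability set."""
    hits = []
    for name, caps in parse_login_conf(text).items():
        for cap in sorted(FILE_CAPS & caps.keys()):
            if isinstance(caps[cap], str):
                hits.append((name, cap, caps[cap]))
    return hits

if __name__ == "__main__":
    for record, cap, path in find_file_caps(SAMPLE):
        print(f"record {record!r}: {cap} points at {path}")
```

Run over each user's `~/.login_conf`, any hit marks a file that the login path would be asked to read on that user's behalf.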