Re: Question about Local vulnerability in libutil derived with FreeBSD.
From: Clifton Royston (cliftonr@lava.net)
Date: 09/21/01

Date: Fri, 21 Sep 2001 08:53:06 -1000
From: Clifton Royston <cliftonr@lava.net>
To: Rumen Telbizov <altares@einet.bg>, bugtraq@securityfocus.com
Subject: Re: Question about Local vulnerability in libutil derived with FreeBSD.
Message-ID: <20010921085306.B17822@lava.net>

On Fri, Sep 21, 2001 at 09:45:52AM -0700, Seth Arnold wrote:
> On Fri, Sep 21, 2001 at 12:31:12PM +0300, Rumen Telbizov wrote:
> > I tried the above vulnerability on 2 FreeBSD 4.3-RELEASE
> > boxes and it worked out! I tried this on one Linux RH6.2 box
> > with OpenSSH installed on it and it DID NOT work.
>
> This latest vulnerability is specific to systems that have implemented
> the BSD authentication class scheme. So, as far as I know, the only
> systems that could be vulnerable to this particular problem are BSDi,
> FreeBSD, OpenBSD, and possibly NetBSD.[1] So far, there have been
> confirmations of FreeBSD vulnerability, a compellingly good description
> of why OpenBSD is not vulnerable, and (as far as I remember) no feedback
> from BSDi or NetBSD.

According to its documentation, BSD/OS (BSDi) only supports the primary
/etc/login.conf, and does not support the user-level ~/login.conf
construct, as of BSD/OS 4.1 (haven't checked 4.2 yet). This seems to
render the whole issue irrelevant for BSD/OS.

I've tested and confirmed this on one BSD/OS 4.1 system. Unless my
test is incorrect, it doesn't appear I can override or set anything at
all from ~/login.conf.

-- Clifton

--
Clifton Royston -- LavaNet Systems Architect -- cliftonr@lava.net
WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau