aterm 0.4.2 tty permission weakness
From: Maarten Tielemans (TTIelu_DaInfraCrew_at_hotmail.com)
Date: 07/13/04
- Previous message: phrack staff: "phrack #62 has been released"
- Next in thread: Armin Wolfermann: "Re: aterm 0.4.2 tty permission weakness"
- Reply: Armin Wolfermann: "Re: aterm 0.4.2 tty permission weakness"
- Reply: Coleman Kane: "Re: aterm 0.4.2 tty permission weakness"
- Reply: Sebastian Hans: "Re: aterm 0.4.2 tty permission weakness"
- Reply: lorenzo: "Re: [security] aterm 0.4.2 tty permission weakness"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 13 Jul 2004 16:04:18 -0000 To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is)
Aterm has an issue with creating a terminal.
A quick ‘ls –al’ on a aterm with ‘mesg y’ shows:
crw--w--w- 1 alsdk users 5, 3 Jul 13 17:27 /dev/ttyp3
with ‘mesg n’:
crw-----w- 1 alsdk users 5, 3 Jul 13 17:28 /dev/ttyp3
1) World (nobody) is able to ‘echo’ or ‘cat’ towards the terminal
echo “hello” >> /dev/ttyp3
cat mkdir >> /dev/ttyp3
2) The group seems to be incorrect, a normal terminal has default group tty
A xterm with ‘mesg y’ shows :
crw--w---- 1 ttielu tty 5, 5 Jul 13 17:27 ttyp5
and with ‘mesg n’ :
crw------- 1 ttielu tty 5, 5 Jul 13 17:27 ttyp5
Advice: use xterm
Bug found by TTIelu, reverse engineered by alsdk and TTIelu
- Previous message: phrack staff: "phrack #62 has been released"
- Next in thread: Armin Wolfermann: "Re: aterm 0.4.2 tty permission weakness"
- Reply: Armin Wolfermann: "Re: aterm 0.4.2 tty permission weakness"
- Reply: Coleman Kane: "Re: aterm 0.4.2 tty permission weakness"
- Reply: Sebastian Hans: "Re: aterm 0.4.2 tty permission weakness"
- Reply: lorenzo: "Re: [security] aterm 0.4.2 tty permission weakness"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
