Re: UUCP

From: Bob Howard (reh@umich.edu)
Date: 11/30/01


Message-ID: <3C078E21.258BA70A@umich.edu>
Date: Fri, 30 Nov 2001 08:48:17 -0500
From: Bob Howard <reh@umich.edu>
To: Izik <izik@tty64.org>
Subject: Re: UUCP

Izik wrote:
>
> Hello
>
> i've found buffer overflow in uucp. in BSDi platform
...
> since uucp is by nature suid. and the ownership is by uucp
> i don't see the real profit.

Don't know about BSDi, but on Solaris uucp owns tip, uuencode, uudecode,
and others. So if I can use this vuln to su uucp, I can trojan e.g.
tip. Then the next time root runs what he thinks is tip, I've got the
box.

Bob

--
Robert Howard                   University of Michigan
Lead System Administrator       IT Central Services
Strategic Projects Operations