Re: UUCP

From: Bob Howard (reh@umich.edu)
Date: 11/30/01 

Message-ID: <3C078E21.258BA70A@umich.edu>
Date: Fri, 30 Nov 2001 08:48:17 -0500
From: Bob Howard <reh@umich.edu>
To: Izik <izik@tty64.org>
Subject: Re: UUCP

Izik wrote:
>
> Hello
>
> i've found buffer overflow in uucp. in BSDi platform
...
> since uucp is by nature suid. and the ownership is by uucp
> i don't see the real profit.

Don't know about BSDi, but on Solaris uucp owns tip, uuencode, uudecode,
and others. So if I can use this vuln to su uucp, I can trojan e.g.
tip. Then the next time root runs what he thinks is tip, I've got the
box.

Bob 

--
Robert Howard                   University of Michigan
Lead System Administrator       IT Central Services
Strategic Projects Operations

Relevant Pages

  • Re: UUCP
    ... # pkgrm SUNWbnuu SUNWbnurr ... >>> i've found buffer overflow in uucp. ... in BSDi platform ... >> Don't know about BSDi, but on Solaris uucp owns tip, uuencode, uudecode, ...
    (Vuln-Dev)
  • Re: UUCP
    ... Subject: UUCP ... in BSDi platform ... > Don't know about BSDi, but on Solaris uucp owns tip, uuencode, uudecode, ... uucp stream tcp nowait root /usr/sbin/in.uucpd in.uucpd ...
    (Vuln-Dev)
  • Re: UUCP
    ... Subject: UUCP ... in BSDi platform ... > Don't know about BSDi, but on Solaris uucp owns tip, uuencode, uudecode, ... uucp stream tcp nowait root /usr/sbin/in.uucpd in.uucpd ...
    (Bugtraq)
  • Re: UUCP
    ... Subject: UUCP ... > i've found buffer overflow in uucp. ... in BSDi platform ... > since uucp is by nature suid. ...
    (Bugtraq)
  • [EXPL] UUCP Family Exploit (uucp / uuparams / uuname)
    ... UUCP Command Line ... Arguments Buffer Overflow, a buffer overflow vulnerability in UUCP allows ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)