mkpasswd: acutally its worse than just not many passwords

From: zenith parsec (zenith_parsec@THE-ASTRONAUT.COM)
Date: Thu Apr 12 2001 - 22:29:42 PDT

Next message: Johnny Cyberpunk: "SUN SOLARIS FTP GLOBBING"

Previous message: ghandi: "Re: SUN SOLARIS 5.6/5.7 FTP Globbing Exploit !"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

due to a fault in expect (the interpreter that runs the mkpasswd script) it is trivially easy to cause arbitrary commands to be executed by someone else.
(under RH7.0 anyway)

the search path for libs for it includes /var/tmp/

check out 

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224

for details, and

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187

for an exploit. (Although the 1st is marked as a duplicate of the 2nd, as one of the notes mentions they cover completely different areas. Also note that the severity ratings of both of them are blank? Fjeer)

--zen-parse

*********************
**more to come soon**
*********************


Fix is kinda available.


Sign up for your FREE E-MAIL account @ Dynamitemail:
http://www.dynamitemail.com

Next message: Johnny Cyberpunk: "SUN SOLARIS FTP GLOBBING"
Previous message: ghandi: "Re: SUN SOLARIS 5.6/5.7 FTP Globbing Exploit !"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 10:40:39 PDT