Re: Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)

From: David Terrell (dbtat_private)
Date: Thu Sep 20 2001 - 14:59:39 PDT

  • Next message: Thomas Biege: "SuSE Security Announcement: wmaker/WindowMaker (SuSE-SA:2001:032)" 

    On Thu, Sep 20, 2001 at 09:48:34PM +0200, Przemyslaw Frasunek wrote:
> [snip]
> in session.c, which allows to read ANY file in system with superuser
> privileges, by defining:
> 
> default:\
>  :copyright=/etc/master.passwd:
> or
>  :welcome=/etc/master.passwd:
> in user's ~/.login_conf.
> 
> [snip telnetd/login]
> default:\
>  :nologin=/etc/master.passwd:
> 
> [blah blah FreeBSD core]
> 
> Official advisory is pending. It's possible, that other *BSD systems,
> supporting login capability database are also vulnerable.

I can't duplicate either of these with OpenBSD 2.9.

-- 
David Terrell            | "My question is, if a mime types, isn't 
dbtat_private             |  that kinda cheating?"
http://wwn.nebcorp.com/  |    - Jason Zych

    This archive was generated by hypermail 2b30 : Thu Sep 20 2001 - 15:13:34 PDT