Re: UUCP

From: Casper Dik (Casper.Dikat_private)
Date: Sat Dec 01 2001 - 10:04:40 PST

Next message: Casper Dik: "Re: UUCP"

Previous message: Jari Helenius: "RE: NAI Webshield SMTP for WinNT MIME header vuln that allowsBadTrans to pass"
Next in thread: Casper Dik: "Re: UUCP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>> Don't know about BSDi, but on Solaris uucp owns tip, uuencode, uudecode,
>> and others.  So if I can use this vuln to su uucp, I can trojan e.g.
>> tip.  Then the next time root runs what he thinks is tip, I've got the
>> box.
>
>on solaris:
>
>$ grep uucp /etc/inetd.conf
>uucp   stream  tcp     nowait  root    /usr/sbin/in.uucpd      in.uucpd

I think you'll find that in Solaris 8 and later, only those
executables that are set-uid uucp have retained uucp ownership.

(Tip, of course, is still often executed by root in some settings)

(Oh, and we're discussing a buffer overflow in uucp on BSDi, so
Solaris may not be a target for this problem)

Casper

Next message: Casper Dik: "Re: UUCP"
Previous message: Jari Helenius: "RE: NAI Webshield SMTP for WinNT MIME header vuln that allowsBadTrans to pass"
Next in thread: Casper Dik: "Re: UUCP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Dec 01 2001 - 18:14:41 PST