Re: slocate bug.

From: Kurt Seifried (bugtraqat_private)
Date: Fri Feb 15 2002 - 18:59:45 PST

Next message: KF: "Re: VIM Buffer Overflow"

Previous message: Vadim Berezniker: "Re: Possible IDS-evasion technique"
In reply to: Guilherme Mesquita: "Re: slocate bug."
Next in thread: Larry W. Cashdollar: "Re: slocate bug."
Next in thread: John Adair: "RE: slocate bug."
Reply: Larry W. Cashdollar: "Re: slocate bug."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Hey there,
>
> Ok just hold on:
>
> What would be the advantages of exploiting something which would spawn the
"slocate" group privileges? Maybe browsing users' directories? No root
yet...

[seifried@vomit seifried]$ ls -l /usr/bin/slocate
-rwxr-sr-x    1 root     slocate     25020 Jun 25  2001 /usr/bin/slocate

I am group slocate. I can write to slocate binary. root runs slocate (well,
locate, which is a link to slocate). I think that might be a problem.

> -- mips

Kurt Seifried, kurtat_private
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.idefense.com/digest.html

Next message: KF: "Re: VIM Buffer Overflow"
Previous message: Vadim Berezniker: "Re: Possible IDS-evasion technique"
In reply to: Guilherme Mesquita: "Re: slocate bug."
Next in thread: Larry W. Cashdollar: "Re: slocate bug."
Next in thread: John Adair: "RE: slocate bug."
Reply: Larry W. Cashdollar: "Re: slocate bug."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Feb 16 2002 - 09:04:12 PST