Bugtraq mailing list archives

Re: Exploit for Linux wu.ftpd hole

From: shields () tembel org (Michael Shields)
Date: Thu, 6 Jul 1995 23:33:54 +0000

minicom has a known, but not very well-known hole in it that is nearly
identical to the wu-ftp hole. If you are a legitimate user of a pre 1.71
version of minicom, you can get root,


What is minicom doing as root?  It should be setgid dialout.

Is Slackware really doing that?

There also apepars to be a bug in syslog. If you do something like:

grep -v "ROOT" messages > mmm; mv mmm messages


This isn't a security hole since users shouldn't be able to write to
/var/log/messages.

Logging is disabled, I suspect this problem is that the file pointer
maintained by syslog is getting ahead of the physical EOF, and thus
writes will fail, but this is just a guess, and I havent looked at the
source to linux's syslog.


When you move something on top of messages, messages is unlinked.
The file is still open, but no longer accessible through the directory
structure.
--
Shields.

Current thread:

Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4), (continued)
- - - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Henri Karrenbeld (Jul 12)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Aleph One (Jul 13)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Jeremy Fitzhardinge (Jul 13)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) James W. Abendschan (Jul 12)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Lyndon Nerenberg (Jul 12)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Aleph One (Jul 13)
    - Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Karl Strickland (Jul 10)
    - Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Perry E. Metzger (Jul 10)
    - Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing BioH (Jul 10)
    - Re: Exploit for Linux wu.ftpd hole Nathan Lawson (Jul 09)
  - Re: Exploit for Linux wu.ftpd hole Michael Shields (Jul 06)
    - Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 07)
- Why are we using priveleged images / state so much? (Was Re: Paul Robinson (Jul 06)
  - Re: Why are we using priveleged images / state so much? (Was Re: Dr. Frederick B. Cohen (Jul 06)
  - Details of linux select(2) bug? Karl Strickland (Jul 07)
  - SM 8.6.12 Nathan Lawson (Jul 08)
    - Re: SM 8.6.12 Karl Strickland (Jul 08)
    - Re: SM 8.6.12 Christopher A. Stewart (Jul 11)
    - Re: SM 8.6.12 Mark A. Fullmer (Jul 13)
    - Re: SM 8.6.12 Eric Allman (Jul 16)
    - inetd probs Mark (Jul 17)

(Thread continues...)