Bugtraq mailing list archives
Re: Exploit for Linux wu.ftpd hole
From: medulla () infosoc com (Mike Edulla)
Date: Sat, 8 Jul 1995 01:02:18 -0400
On Thu, 6 Jul 1995, Michael Shields wrote:
Date: Thu, 6 Jul 1995 23:33:54 +0000 From: Michael Shields <shields () tembel org> To: Multiple recipients of list BUGTRAQ <BUGTRAQ () CRIMELAB COM> Subject: Re: Exploit for Linux wu.ftpd holeminicom has a known, but not very well-known hole in it that is nearly identical to the wu-ftp hole. If you are a legitimate user of a pre 1.71 version of minicom, you can get root,What is minicom doing as root? It should be setgid dialout. Is Slackware really doing that?
According to the minicom docs, minicom is designed to be suid root, and won't work otherwise, and thats how its installed. You're right though, it should be sgid UUCP or whatever... But...The bug has been fixed, although third party suid root programs are always suspicious.
When you move something on top of messages, messages is unlinked. The file is still open, but no longer accessible through the directory structure.
Can this not be detected? Obviously the write will fail, when this occurs - should not syslogd reopen (or attempt to reopen) the messages file, and make a note of the problem as a debug warning? Or is there something that makes this impossible/impractical.
Current thread:
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4), (continued)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Aleph One (Jul 13)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Jeremy Fitzhardinge (Jul 13)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) James W. Abendschan (Jul 12)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Lyndon Nerenberg (Jul 12)
- Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Aleph One (Jul 13)
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Karl Strickland (Jul 10)
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Perry E. Metzger (Jul 10)
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing BioH (Jul 10)
- Re: Exploit for Linux wu.ftpd hole Nathan Lawson (Jul 09)
- Re: Exploit for Linux wu.ftpd hole Michael Shields (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 07)
- Why are we using priveleged images / state so much? (Was Re: Paul Robinson (Jul 06)
- Re: Why are we using priveleged images / state so much? (Was Re: Dr. Frederick B. Cohen (Jul 06)
- Details of linux select(2) bug? Karl Strickland (Jul 07)
- SM 8.6.12 Nathan Lawson (Jul 08)
- Re: SM 8.6.12 Karl Strickland (Jul 08)
- Re: SM 8.6.12 Christopher A. Stewart (Jul 11)
- Re: SM 8.6.12 Mark A. Fullmer (Jul 13)
- Re: SM 8.6.12 Eric Allman (Jul 16)
- inetd probs Mark (Jul 17)
- Re: SM 8.6.12 Pat The Friendly RedNeck (Jul 17)