Bugtraq mailing list archives
Re: Weakness in some linux versions of adduser.
From: sod () command com inter net (Scriptors of DOOM)
Date: Mon, 9 Dec 1996 00:08:46 -0700
Whee! An advisory!
Subject: CIAC Bulletin H-10: HP-UX Security Vulnerabilities
Whee! HP!
VULNERABILITY ASSESSMENT: Exploit information involving these vulnerabilities have been made publicly available.
By? BY?!? Doesn't anybody make attribution anymore?
CIAC wishes to acknowledge the contributions of AUSCERT for the information contained in this bulletin.
Oh, well, I guess they do make attribution. Unfortunately, as we all must know, AUSCERT didn't originate this information. I guess they're just thanking them because they could steal the AUSCERT Advisory and not have to do any real work on their own. Understandable -- they must be salaried.
AUSCERT thanks Hewlett-Packard for their continued assistance and technical expertise essential for the production of this advisory. AUSCERT also thanks Information Technology Services of the University of Southern Queensland for their assistance.
Hey, good call. Thank the corporation that created the buggy software, but don't thank the corporation that exposed the bug. Hey, AUSCERT, you're welcome, and I expect to see the letters S, O, and D, possibly followed by the phrase "HP Bug of the Week" along with a URL, included in your next advisory about the chfn overflow, please; we'd appreciate these most modest of accommodations -- and a little "Thank you" to aleph1 couldn't hurt as well.
I'm also a bit curious, maybe someone at AUSCERT could reply to this message and fill us in a little bit: exactly how did HP assist and provide the technical expertise essential for the production of your little advisory? Did you call up the 633-3600 Support Line and actually get technical support? Impressive, if true. HP Security staff refuses to comment on security holes until a patch is available, yet you say they provided _technical_expertise_. (This message will, as usual, fly on over to security-alert () hp com, if anyone there is interested in satiating my curiosity, feel free to Reply to Sender.)
And so I suppose I should mention at this point that the chfn overflow sits quietly, waiting for download, at http://command.com.inter.net/~sod/, where one bug a week is the promise we keep, lest we be forced to party like animals on the sixth ring of Hell, which frankly doesn't sound like a terrible fate to me.
And let me not fail to mention that included in this week's diatribe, honorary Homeboy Otto Sync shows us how to tickle the screws on HP's OpenCall SCP platform used in the SS7 networks of some of our favorite PSTN's -- now the Internet isn't the only thing that's vulnerable!
G'day
SPECIAL NOTE TO OUR FRIENDS AT HP:
Oh! Mister Ay-cha Pee-ya, you-a donna how-a nize it is to-a see you again-a. We gonna gibba to you a special treat today-a, a discount-a. A half-a price-a sale, butchew a butta comma quick, since we-a not be around-a foreva. I-a canna type like this-a no more.
Quick action will save your customers despair. That will make them happy, and their happiness will drive up your sales. Your rising sales will make you happy, and increase your income. Your increased income will drive your generosity, and you will give to those who have helped you along the way. Therefore: *clears throat* Please give us sex and/or money; we're not picky. I think we all realized a long time ago that love and respect were definitely out for mutants like us, so now we're just looking for the sex and the money. For the love of God, man, we're insanely horny and filled with desire, it's the least you can do! We're begging here! Please?