Bugtraq mailing list archives
[linux-security] sliplogin (fwd)
From: pauld () umbc edu (Paul Danckaert)
Date: Tue, 16 Jul 1996 19:21:46 -0500
Interesting. The code is the same on FreeBSD, it looks like. However, on the default distributed system, there isn't a /etc/sliphome directory, which is necessary for sliplogin to startup correctly. Therefore the standard FreeBSD distribution dies out before it gets anywhere near the system command. If you do run slip off of your system however, its much more possible that bad things can happen.. paul ---------- Forwarded message ---------- Date: Tue, 16 Jul 1996 15:27:19 -0500 From: David Holland <dholland () hcs HARVARD EDU> To: Multiple recipients of list BUGTRAQ <BUGTRAQ () NETSPACE ORG> Subject: [linux-security] sliplogin Anyone running a version of sliplogin older than sliplogin-2.1.0 (which can be gotten from sunsite.unc.edu:/pub/Linux/system/Network/serial or ftp.uk.linux.org:/pub/linux/Networking/transports) should remove it or upgrade it immediately. It does setuid(0); if (s = system(logincmd)) { : } without clearing the environment first. Therefore, anybody can get root trivially. The sliplogin from NetKit-B-0.06 is affected. Current RedHat sliplogin is not affected. Others I don't know about. -- - David A. Holland | Number of words in the English language that dholland () hcs harvard edu | exist because of typos or misreadings: 381
Current thread:
- Re: brute force Jacob Langseth (Jul 10)
- Re: brute force Buckaroo Banzai (Jul 16)
- Holly Wars Aleph One (Jul 16)
- [linux-security] sliplogin (fwd) Paul Danckaert (Jul 16)
- Re: [linux-security] sliplogin (fwd) Nate Williams (Jul 16)
- HP/UX 10.01 Remote Administration accoun Matt Barrie SYD (Jul 16)
- locate Ian Otsane (Jul 16)
- Re: locate Christian Limpach (Jul 17)
- FreeBSD Security Advisory 96:17 - rzsz FreeBSD Security Officer (Jul 17)
- FreeBSD Security Advisory 96:16 - rdist FreeBSD Security Officer (Jul 17)