Bugtraq mailing list archives

[linux-security] sliplogin (fwd)

From: pauld () umbc edu (Paul Danckaert)
Date: Tue, 16 Jul 1996 19:21:46 -0500


Interesting.  The code is the same on FreeBSD, it looks like.  However, on
the default distributed system, there isn't a /etc/sliphome directory,
which is necessary for sliplogin to startup correctly.  Therefore the
standard FreeBSD distribution dies out before it gets anywhere near the
system command. If you do run slip off of your system however, its much
more possible that bad things can happen..

paul

---------- Forwarded message ----------
Date: Tue, 16 Jul 1996 15:27:19 -0500
From: David Holland <dholland () hcs HARVARD EDU>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ () NETSPACE ORG>
Subject: [linux-security] sliplogin

Anyone running a version of sliplogin older than sliplogin-2.1.0
(which can be gotten from sunsite.unc.edu:/pub/Linux/system/Network/serial
or ftp.uk.linux.org:/pub/linux/Networking/transports) should remove it
or upgrade it immediately.

It does

        setuid(0);
        if (s = system(logincmd)) {
           :
        }

without clearing the environment first. Therefore, anybody can get
root trivially.

The sliplogin from NetKit-B-0.06 is affected.
Current RedHat sliplogin is not affected.
Others I don't know about.

--
   - David A. Holland          | Number of words in the English language that
     dholland () hcs harvard edu  | exist because of typos or misreadings: 381

Current thread:

Re: brute force Jacob Langseth (Jul 10)
- Re: brute force Buckaroo Banzai (Jul 16)
- Holly Wars Aleph One (Jul 16)
- [linux-security] sliplogin (fwd) Paul Danckaert (Jul 16)
  - Re: [linux-security] sliplogin (fwd) Nate Williams (Jul 16)
  - HP/UX 10.01 Remote Administration accoun Matt Barrie SYD (Jul 16)
  - locate Ian Otsane (Jul 16)
    - Re: locate Christian Limpach (Jul 17)
  - FreeBSD Security Advisory 96:17 - rzsz FreeBSD Security Officer (Jul 17)
  - FreeBSD Security Advisory 96:16 - rdist FreeBSD Security Officer (Jul 17)