Bugtraq mailing list archives
Vulnerability in ccdconfig
From: rotel () INDIGO IE (Niall Smart)
Date: Wed, 31 Dec 1997 02:02:31 +0000
Hi,

FreeBSD and NetBSD's ccdconfig doesn't do proper checking of the argument to -f:

    [nsmart@ginseng ~]$ ccdconfig -U -f /dev/mem 2>&1 | strings | grep Charlie
    root:iDeLeTeDiT:0:0::0:0:Charlie: No such file or directory
    ^C

I had to cat /etc/master.passwd in another window to get this to work though :) So perhaps it's not very easily exploitable, but is worth fixing nonetheless.

This bug was also spotted by olivier () secnet com and fixed in OpenBSD some time ago.

Fixes:

* FreeBSD and NetBSD have been notified of the problem and have fixed it in their source trees as of yesterday (FreeBSD-current, FreeBSD-stable, NetBSD-current). Retrieve the patched ccdconfig.c and compile yourself a new ccdconfig.

* "chmod g-s /sbin/ccdconfig". I can't think of any reason for it to be sgid kmem.

Regards,

Niall