Bugtraq mailing list archives
Re: majordomo local exploit
From: hno () HEM PASSAGEN SE (Henrik Nordstrom)
Date: Fri, 31 Dec 1999 03:39:21 +0100
Henrik Edlund wrote:
I'm afraid that wouldn't help much, as you can supply any pathname as the -C (configuration file) argument: /path/to/majordomo/wrapper resend -l foobar -C /tmp/evilhack.pl I tested this with version 1.94.1, but the same behaviour seems to be there in 1.94.4, as far as I can tell by the source.This patch should take care of that problem:
Not quite. Your patch can be fooled by simple link trickery as there is a race window between your check and the parsing of the configuration file. A better way is to stat the filehandle. This guarantees (on system supporting fstat) that you get the information on the file about to be read in rather than the information of a filename which may or may not be the same file which is being read in. -- Henrik Nordstrom
Current thread:
- majordomo local exploit, (continued)
- majordomo local exploit Brock Tellier (Dec 28)
- $cf Security flaw Shevek (Dec 02)
- Re: majordomo local exploit Christopher Schulte (Dec 28)
- Re: majordomo local exploit Todd C. Miller (Dec 28)
- AltaVista rudi carell (Dec 29)
- Re: majordomo local exploit Taneli Huuskonen (Dec 29)
- Re: majordomo local exploit Coolio (Dec 29)
- Re: majordomo local exploit Henrik Edlund (Dec 29)
- bna,sh Loneguard (Dec 30)
- Re: majordomo local exploit Andrew Brown (Dec 30)
- Re: majordomo local exploit Henrik Nordstrom (Dec 30)
- Fix for HP-UX automountd/autofs exploit (fwd) Doug Siebert (Dec 30)
- Re: Fix for HP-UX automountd/autofs exploit (fwd) LaMont Jones (Dec 31)
- vibackup.sh Loneguard (Dec 31)
- More info on MS99-061 (IIS escape character vulnerability) .rain.forest.puppy. (Dec 29)
- Follow UP AltaVista rudi carell (Dec 30)
- majordomo local exploit Brock Tellier (Dec 28)
- Re: majordomo local exploit Brock Sides (Dec 29)