Bugtraq mailing list archives
Re: Advisory: mgetty local compromise
From: "Chris L. Mason" <cmason () UNIXZONE COM>
Date: Tue, 29 Aug 2000 15:58:11 -0400
On Sat, Aug 26, 2000 at 02:23:05AM -0400, Stan Bubrouski wrote:
> ...
> Believed to be vulnerable:
> ...
> OpenBSD 2.7? (mgetty is included in ports packages)

Looks like someone else realized this at least a couple weeks ago.

$ make
===> mgetty-1.1.21 is marked as broken: insecure tempfile handling: can overwrite any file on the system.

The cvs log shows:

----------------------------
revision 1.17
date: 2000/08/15 19:38:18; author: brad; state: Exp; lines: +2 -2
even better reason why this should be marked BROKEN, insecure tempfile handling: can overwrite any file on the system
----------------------------

I'm sure this will be updated to 1.1.22 after an audit is done. :)

Chris