Bugtraq mailing list archives

Re: Advisory: mgetty local compromise


From: "Chris L. Mason" <cmason () UNIXZONE COM>
Date: Tue, 29 Aug 2000 15:58:11 -0400

On Sat, Aug 26, 2000 at 02:23:05AM -0400, Stan Bubrouski wrote:
...

Believed to be vulnerable:

...
OpenBSD 2.7? (mgetty is included in ports packages)


Looks like someone else realized this at least a couple weeks ago.

$ make
===>  mgetty-1.1.21 is marked as broken: insecure tempfile handling: can
overwrite any file on the system.

The cvs log shows:

----------------------------
revision 1.17
date: 2000/08/15 19:38:18;  author: brad;  state: Exp;  lines: +2 -2
even better reason why this should be marked BROKEN,
insecure tempfile handling: can overwrite any file on the system
----------------------------

I'm sure this will be updated to 1.1.22 after an audit is done.  :)


Chris

