Bugtraq mailing list archives
Re: [Stan Bubrouski <satan () FASTDIAL NET>: Re: rh 6.2 - gidcompromises, etc [+ MORE!!!]]
From: satan () FASTDIAL NET (Stan Bubrouski)
Date: Sat, 24 Jun 2000 21:09:12 -0000
In any case, even with a successful buffer exploit that executes its own set[ug]id() call, the most to be gained is access to the dialout device and lockfile directory, which is not exactly a Chernobyl-class catastrophe.
Yeah, but that's not considering that commands sent to C-Kermit in server mode could allow someone on the other end to exploit a buffer and gain access to the uid which is running C-Kermit. Otherwise you're pretty much right, though if someone were able to gain gid uucp on a system that relied on uucp to handle services like mail or news, then they would have access to the uucp passwd file, which is of course not very desirable by any means.

-Stan