Bugtraq mailing list archives
Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks
From: hellman <sec () artofit com>
Date: Sun, 12 Nov 2000 21:01:23 +0300
Hello Michal, Friday, November 10, 2000, 5:37:17 PM, you wrote: Hm... There isn't this vulnerablity on FreeBSD systems... Because adduser is a perl script.... If u use 'pw' to add users u can define in /etc/pw.conf all information about new added users... check 'pw -D' command -- Unix-administrator, Security Analysist mailto: hellman () freebsd sh < /etc/master.passwd || You doesn't need a good teacher, you need a good HEAD || -----BEGIN PGP PUBLIC KEY BLOCK----- mQGiBDk2mmwRBADZ35CdgG9sFpIAWW/0z4D+uJc9I6k3CVa6P5XNwk3SQ1UyVkxV sZiraUNpuUoXRDxxLCo5k9/ZsY0YJ7Cv/Yd/zkxz2rbacHZGX7Mq907Rcls7egQx sHTyCCKlOAFlBFzg6wyOlkg9jGf88nhojfqkljN65m5u7o6SG5hi5qR8JQCg/5Qz c+gSu9Mr9Rg9X54V0/ho8BkD/R7t6g+q5DNhTyxl0QyUJXL2OJAYhaujFPJpjgNC VkALk8fK2O0Li5vD7nY/yAitEIlous5L75YKPQxxRvDd8rBBecCigkgEcQjpiHB7 PEjNRCWfM1Jsv05jWjTeAwoYtsJTulZv1zxvt5Z+D3qPMAFKbVth0jy+KbhrNzvQ ULAAA/9N/rWTi+5C3t3dv0PxxxPpixy8wAfQLweog9DLkrBVODTAzi7z/+cEP4je kmEqr4lmL6eWqW5sc2Y67loHp/K4VsoX2kKgVK1UkOAX0Nm0STwWO8hrSIue1Dbe MnYV+hQkyxc/7Ll1f7+ei/FZCdz9cjQRcLIG2VU16My7deRWDrQeSGVsbF9tYW4g PGhlbGxtYW5AYXN0cmF0ZWwucnU+iQBOBBARAgAOBQI5NppsBAsDAgECGQEACgkQ V1wXLAwYCJ3oQwCdHpA5THKyWifi0XODfOYkaoqMZq8AoMo+nPGRndrvgR+k1ar2 UYJDZ6pPuQINBDk2mm0QCAD2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoB p1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnh V5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr 5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4 XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zaf q9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAICCACZsqA5WqknThTy iW1yQyzsMOvPp72HW4Mup+qfuGUcCQQ+WqDGLMcj42Me1Zk3atVEcjWxMCgbRWPc DMeoXt/B+/lsaZL207a58qKTP7TChGaDb5yzF2M/3vGI29PtTiyRqwljVdLtFx11 SJkyyIneSGHSbeM9m57Yt6AFxm+nhYLcto8bhAAPPNJmrj45Iyj7DA6X4GEp6BxC Vs1d7tdl8Dfg3VxtcjbN7QfE1wuxl6C5zzMpl0Z6VNAU5Zg8oQy1w1zFzaq/WrQp dweLAcgRg/Ej3DviDfz/2YamvXElcee+8vT7r8cCVwZLSAJ+EkrM3JZ6fNvGJH6I 3sjKoYagiQBGBBgRAgAGBQI5NpptAAoJEFdcFywMGAidwScAnj6XEfh7MkLCN8CM 7k7mm8UHd5WeAJ4+XVxbn35j6iZcEct4wQTaylNftw== =TaEU -----END PGP PUBLIC KEY BLOCK-----
Current thread:
- numerous free/paid account systems are vulnerable to privledgeselevation attacks Michal Zalewski (Nov 11)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Bernhard Rosenkraenzer (Nov 11)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Alexander Schreiber (Nov 13)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Michal Zalewski (Nov 13)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Pavel Korovin (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Tomasz Kłoczko (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Michal Zalewski (Nov 13)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks hellman (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledges elevation attacks Jeff Bachtel (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledges elevation attacks Michal Zalewski (Nov 14)