Bugtraq mailing list archives
RE: 2.4.x/Slackware Init script vulnerability
From: Jeev <geonap () pacbell net>
Date: Wed, 18 Jul 2001 23:59:50 -0700
root@buttmunch:~# ls -l /lib/modules/`uname -r`/modules.dep -rw-r--r-- 1 root root 49902 Jun 16 20:26 /lib/modules/2.2.19/modules.dep root@buttmunch:~# uname -a Linux buttmunch 2.2.19 #5 Sat Jun 16 20:13:44 PDT 2001 i686 unknown root@buttmunch:~# ^ linux slackware 8.0 root@thunder:~# ls -l /lib/modules/`uname -r`/modules.dep -rw-rw-rw- 1 root root 4327 Jul 12 19:49 /lib/modules/2.4.5/modules.dep root@thunder:~# uname -a Linux thunder 2.4.5 #1 SMP Thu Jul 12 19:45:50 MST 2001 i686 unknown root@thunder:~# ^ linux slackware 8.0 j -----Original Message----- From: twiz - Perla Enrico [mailto:twi () boiate it] Sent: Tuesday, July 17, 2001 3:43 PM To: bugtraq () securityfocus com Subject: Re: 2.4.x/Slackware Init script vulnerability I' ve tested it on Slackware 7.0 with kernel 2.4.5 : twisterz:~# uname -r 2.4.5 twisterz:~# I' ve noticed that , while /var/run/utmp *is* world writable : twisterz:~# ls -l /var/run/utmp -rw-rw-rw- 1 root root 4608 Jul 17 02:27 /var/run/utmp twisterz:~# and also /var/run/gpm.pid is -rw-rw-rw-, *but* modules.dep isn' t writable twisterz:~# ls -l /lib/modules/`uname -r`/modules.dep -rw-r--r-- 1 root root 2688 Jul 16 19:36 /lib/modules/2.4.5/modules.dep twisterz:~# So it can't be edited, and the exploit can' t work 'cause you can't add/change lines to modules.dep. I'm going to download Slackware 8.0 and test on it, btw on slak 7.0 keep good the possibility of, as you said :
And of course with /var/run/utmp writeable, users can delete
or in
other ways manipulate their logins as they appear in w/who/finger/getlogin(), etc.
twiz - twiz () superdotati net or twi () boiate it - ./twlc
Current thread:
- Happy 3 month anniversary cfingerd remote bug! zen-parse (Jul 11)
- 2.4.x/Slackware Init script vulnerability josh (Jul 16)
- Re: 2.4.x/Slackware Init script vulnerability Derek Martin (Jul 17)
- Re: 2.4.x/Slackware Init script vulnerability Keith Owens (Jul 18)
- secure software philosophy (was Re: 2.4.x/Slackware Init script vulnerability) Derek Martin (Jul 18)
- Re: 2.4.x/Slackware Init script vulnerability Derek Martin (Jul 17)
- Re: 2.4.x/Slackware Init script vulnerability twiz - Perla Enrico (Jul 18)
- Re: 2.4.x/Slackware Init script vulnerability Radu-Adrian Feurdean (Jul 19)
- Re: 2.4.x/Slackware Init script vulnerability twiz - Perla Enrico (Jul 19)
- RE: 2.4.x/Slackware Init script vulnerability Jeev (Jul 19)
- 2.4.x/Slackware Init script vulnerability josh (Jul 16)