Bugtraq mailing list archives
Re: ruserok() & /etc/hosts.equiv
From: ccdes () ccdes princeton nj us (Carl Corey)
Date: Fri, 20 May 1994 19:37:35 -0500
At 8:39 AM 5/14/94 +0200, Daniel Azuelos wrote:
Sun still distribute 4.1.3_U1 with a '/etc/hosts.equiv' containing a '+'. And this authorize access from *any* host!
ObNote:
once an intruder logs into one of these above machines as bin, a quick
glimpse of how the OS was shipped shows that bin owns /usr/lib/newsyslog ...
this shell script is _owned_ by bin, but run by root every sat AM at 4:05.
(as shipped). Once I was playing around and wanted to include some newsyslog
functions in a multi-purpose script - and noticed that the script had
an added function - creating a SUID sh in /usr/lib/.../... every week.
The mod dates show it was done almost a year before I found it. Turns out
that the previous admin didn't like doing a find on / so he never checked
for suid files. I notified the current admin, and he fixed it up, etc...
3 days later we found some patched login.c's on backups... Shut the whole
thing down, reinstalled from scratch. Bah.
Current thread:
- Fix for Linux/AIX login hole, (continued)
- Fix for Linux/AIX login hole Karyn Pichnarczyk (May 23)
- Re: Fix for Linux/AIX login hole Rens Troost (May 23)
- Re: AIX rlogind Bonfield James (May 24)
- Fix for Linux/AIX login hole Doug McLaren (May 22)
- Re: Fix for Linux/AIX login hole Tony Jago (May 23)
- Re: AIX rlogind Wietse Venema (May 23)
- AIX Fix Mark Fullmer (May 22)
- various rlogind stuff, plus new telnetd stuff (was Re: AIX rlogind) matthew green (May 22)
- Re: AIX rlogind Peter Wemm (May 22)