Bugtraq mailing list archives
Re: Exploit for Linux wu.ftpd hole
From: medulla () infosoc com (Mike Edulla)
Date: Wed, 5 Jul 1995 18:06:10 -0400
On Wed, 5 Jul 1995, Henri Karrenbeld wrote:
Date: Wed, 5 Jul 1995 18:44:17 +0100
From: Henri Karrenbeld <H.Karrenbeld () ct utwente nl>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ () CRIMELAB COM>
Subject: Exploit for Linux wu.ftpd hole

Since Bugtraq is exceptionally quiet lately, I thought I should make it come alive again with this discussion of the bug that was reported in the wu.ftpd that comes with some Slackware distributions of Linux. The report was just before Bugtraq went down for a long time, but I've found the bug still to be present on all the Linux machines that I have access to. So maybe it needs to be brought a little more in the open. Here we go:

ObBug: - Short description of the bug
<snip>

Fortunately, this bug is mainly fixed by now (I would hope)... minicom has a known, but not very well-known hole in it that is nearly identical to the wu-ftp hole. If you are a legitimate user of a pre 1.71 version of minicom, you can get root, it's the same sort of thing, seteuid(0), and then make a suid root shell somewhere - you do it by changing the name of 'runscript' to your shell... It wouldn't really be much of a problem, except that Linux to this day (I believe) continues to have the users gonzo, satan, and snake in minicom.users (or the Slackware release does, at the very least).

---

There also appears to be a bug in syslog. If you do something like:

    grep -v "ROOT" messages > mmm; mv mmm messages

Logging is disabled. I suspect this problem is that the file pointer maintained by syslog is getting ahead of the physical EOF, and thus writes will fail, but this is just a guess, and I haven't looked at the source to Linux's syslog.

---

But a more interesting topic than Linux bugs would be helpful; ever since the list went moderated, it seems to have gotten mighty quiet.
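Editor's added example, not part of the original post: one way the symptom reported above can arise, together with a check for it. It assumes the logging daemon opens its log file once and keeps the descriptor; the file names follow the post, while the sample log lines, `fd_matches_path` and `simulate_replace_under_logger` are constructed for illustration.

```python
import os
import tempfile

# Constructed sample log lines.
SAMPLE = [
    b"Jul  5 18:00:01 host login: ROOT LOGIN on tty1\n",
    b"Jul  5 18:00:02 host kernel: eth0 up\n",
    b"Jul  5 18:00:03 host su: session opened\n",
]


def fd_matches_path(fd, path):
    """True if the open descriptor and the path name the same file (device + inode)."""
    try:
        on_disk = os.stat(path)
    except FileNotFoundError:
        return False
    held = os.fstat(fd)
    return (held.st_dev, held.st_ino) == (on_disk.st_dev, on_disk.st_ino)


def simulate_replace_under_logger():
    """A stand-in logger keeps 'messages' open while the path is replaced."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "messages")
        tmp = os.path.join(d, "mmm")
        # Stand-in for the daemon: open once in append mode, keep the descriptor.
        fd = os.open(log, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
        os.write(fd, SAMPLE[0])
        os.write(fd, SAMPLE[1])
        before = fd_matches_path(fd, log)

        # Same effect as: grep -v "ROOT" messages > mmm; mv mmm messages
        with open(log, "rb") as src, open(tmp, "wb") as dst:
            dst.writelines(line for line in src if b"ROOT" not in line)
        os.rename(tmp, log)

        # The write succeeds, but lands in the old inode that no path names.
        os.write(fd, SAMPLE[2])
        after = fd_matches_path(fd, log)
        with open(log, "rb") as f:
            visible = f.read().splitlines()
        held_size = os.fstat(fd).st_size
        os.close(fd)
        return before, after, visible, held_size
```

A monitor that runs the same device-and-inode comparison against a logger's open descriptor can flag a log file that was replaced underneath it; having the daemon reopen its files is what brings the visible log back in step.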