Bugtraq mailing list archives
Re: (debian) Re: suidperl; more
From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Tue, 8 Aug 2000 15:45:18 -0500
BTW: FreeBSD 4.0 isn't vulnerable (for a few reasons): The First is the same as Debian: suidperl calls /bin/mail (it's hardcoded) and FreeBSD uses /usr/bin/mail Also, there is no /bin/bash. If you install the bash package, it's /usr/local/bin/bash If I symlink /bin/mail --> /usr/bin/mail and modify the script so that boomsh calls /bin/sh, this exploit does work with FreeBSD 4.0. I've long since gotten rid of my FreeBSD 3.x and 2.x boxen, so I don't have a good way to test old FreeBSD releases. I'll try OpenBSD 2.7 and NetBSD 1.4.2 when I get home. I'm guessing the recent releases of all *BSD are probably not vulnerable due to the location of mail (and the fact that /bin/bash doesn't exist, but any script kiddie can change the script to /bin/sh). Noah Dunker Network Security Engineer FishNet Security 816.421.6611 http://www.fishnetsecurity.com -----Original Message----- From: Alexander Oelzant [mailto:aoe () OEH NET] Sent: Tuesday, August 08, 2000 8:04 AM To: BUGTRAQ () SECURITYFOCUS COM Subject: (debian) Re: suidperl; more On Mon, Aug 07, 2000 at 06:07:57PM +0200, Sebastian wrote:
So far, there are more security-releated apps which use /bin/mail for logging
Debian again proves to be highly security-aware: it does not even have a /bin/mail and is thus safe from this very attack. Of course, using /usr/bin/mail works fine, so any applications where /bin/mail was not hardcoded would be affected. hth Alexander -- Alexander Oelzant alexander () oelzant priv at
Current thread:
- Re: (debian) Re: suidperl; more Dunker, Noah (Aug 09)
- Re: (debian) Re: suidperl; more Sergiy Zhuk (Aug 10)
- Re: (debian) Re: suidperl; more Dylan Griffiths (Aug 10)