Bugtraq mailing list archives

Re: Advisory: mgetty local compromise


From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert () uumail gov bc ca>
Date: Wed, 30 Aug 2000 13:08:05 -0700

In message <20000829155810.A27454 () unixzone com>, "Chris L. Mason" writes:
> On Sat, Aug 26, 2000 at 02:23:05AM -0400, Stan Bubrouski wrote:
> > ...
> >
> > Believed to be vulnerable:
> >
> > ...
> > OpenBSD 2.7? (mgetty is included in ports packages)
>
> Looks like someone else realized this at least a couple weeks ago.
>
> $ make
> ===>  mgetty-1.1.21 is marked as broken: insecure tempfile handling: can
> overwrite any file on the system.
>
> The cvs log shows:
>
> ----------------------------
> revision 1.17
> date: 2000/08/15 19:38:18;  author: brad;  state: Exp;  lines: +2 -2
> even better reason why this should be marked BROKEN,
> insecure tempfile handling: can overwrite any file on the system
> ----------------------------
>
> I'm sure this will be updated to 1.1.22 after an audit is done.  :)

FreeBSD realised this about 2 months ago, apparently after it was
discussed here on BUGTRAQ.

http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/comms/mgetty%2bsendfax/Makefile


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert () osg gov bc ca
Open Systems Group, ITSD, ISTA
Province of BC

