Bugtraq mailing list archives

Re: numerous free/paid account systems are vulnerable to privledges elevation attacks

From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Mon, 13 Nov 2000 10:44:01 +0100

On Sun, 12 Nov 2000, Jeff Bachtel wrote:

Starting off with this, I know of no distribution (of OpenBSD, of
RedHat, of Debian etc.) that has any sort of automatic account
generation built in.


That's why I am not saying this vulnerability is a problem of specific
distribution, but of a numerous account creation utils - this problem
seems to be generic, you could use any search engine to locate dozens of
adduser.cgi, adduser.pl amd similar scripts invoking system utilities.

_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

Current thread:

numerous free/paid account systems are vulnerable to privledgeselevation attacks Michal Zalewski (Nov 11)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Bernhard Rosenkraenzer (Nov 11)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Alexander Schreiber (Nov 13)
  - Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Michal Zalewski (Nov 13)
    - Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Pavel Korovin (Nov 14)
    - Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Tomasz Kłoczko (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks hellman (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledges elevation attacks Jeff Bachtel (Nov 14)
  - Re: numerous free/paid account systems are vulnerable to privledges elevation attacks Michal Zalewski (Nov 14)