Bugtraq mailing list archives
Re: numerous free/paid account systems are vulnerable to privledges elevation attacks
From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Mon, 13 Nov 2000 10:44:01 +0100
On Sun, 12 Nov 2000, Jeff Bachtel wrote:
Starting off with this, I know of no distribution (of OpenBSD, of RedHat, of Debian etc.) that has any sort of automatic account generation built in.
That's why I am not saying this vulnerability is a problem of specific distribution, but of a numerous account creation utils - this problem seems to be generic, you could use any search engine to locate dozens of adduser.cgi, adduser.pl amd similar scripts invoking system utilities. _______________________________________________________ Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security] [http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};: =-----=> God is real, unless declared integer. <=-----=
Current thread:
- numerous free/paid account systems are vulnerable to privledgeselevation attacks Michal Zalewski (Nov 11)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Bernhard Rosenkraenzer (Nov 11)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Alexander Schreiber (Nov 13)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Michal Zalewski (Nov 13)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Pavel Korovin (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Tomasz Kłoczko (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Michal Zalewski (Nov 13)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks hellman (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledges elevation attacks Jeff Bachtel (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledges elevation attacks Michal Zalewski (Nov 14)