Bugtraq mailing list archives
Re: UUCP
From: Casper Dik <Casper.Dik () Sun COM>
Date: Sat, 01 Dec 2001 19:04:40 +0100
> Don't know about BSDi, but on Solaris uucp owns tip, uuencode, uudecode, and others. So if I can use this vuln to su uucp, I can trojan e.g. tip. Then the next time root runs what he thinks is tip, I've got the box.
>
> on solaris:
> $ grep uucp /etc/inetd.conf
> uucp stream tcp nowait root /usr/sbin/in.uucpd in.uucpd

I think you'll find that in Solaris 8 and later, only those executables that are set-uid uucp have retained uucp ownership.

(Tip, of course, is still often executed by root in some settings)

(Oh, and we're discussing a buffer overflow in uucp on BSDi, so Solaris may not be a target for this problem)

Casper
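
The ownership concern discussed in this message, as an added example that is not part of the original post: a read-only audit in POSIX shell that lists executables in a search path which are owned by an account other than the trusted one, or are writable by group or other. The function names and the default trusted uid of 0 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Finds executables that an account other than the trusted owner could
# replace: the situation described above, where a utility run by root is
# owned by a non-root account such as uucp.

# risky_executables DIR [TRUSTED_UID]
# Prints one line per finding:
#   owner-mismatch PATH   executable not owned by TRUSTED_UID (default 0)
#   loose-perms PATH      executable writable by group or other
risky_executables() {
    dir=$1
    trusted=${2:-0}
    # Skip missing directories and empty PATH elements.
    [ -d "$dir" ] || return 0
    # Regular files with the owner-execute bit whose owner is not trusted.
    find "$dir" -type f -perm -0100 ! -user "$trusted" -print |
        sed 's/^/owner-mismatch /'
    # Regular files with the owner-execute bit that group or other can write.
    find "$dir" -type f -perm -0100 \( -perm -0020 -o -perm -0002 \) -print |
        sed 's/^/loose-perms /'
}

# audit_path PATH_LIST [TRUSTED_UID]
# Runs risky_executables over every directory in a colon-separated list.
audit_path() {
    path_list=$1
    trusted=${2:-0}
    old_ifs=$IFS
    IFS=:
    for d in $path_list; do
        IFS=$old_ifs
        risky_executables "$d" "$trusted"
    done
    IFS=$old_ifs
}

# Typical call, checking the search path root would use:
#   audit_path "/usr/bin:/usr/sbin:/bin:/sbin"
```

Findings are candidates for review rather than proof of a problem; set-uid programs that are meant to run as a service account will legitimately show up as owner-mismatch.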