Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: /usr/sbin/audlinks vulnerability

From: optyx <optyx () UBERHAX0R NET>
Date: Mon, 8 Jan 2001 19:22:20 -0800
It was never stated you could use audlinks to gain root through
rsh/rlogin.

in my post I said you could use it to clobber (overwrite to clarify
because obviously I have to)

audlinks like many programs doesn't fstat the file it opens with O_RDWR
access properly.

As far as this posing a threat to a systems files, its highly
unlikely.  This was just notice of failure to fstat properly, which could
lead to problems.

And audlinks is executed on boot with static arguements, so this is not
vulnerable.

-Optyx
http://www.uberhax0r.net
Previous By Date Next
Previous By Thread Next

Current thread: