Bugtraq mailing list archives
QNX 4.25 suided dhcp.client binary
From: lms () fe up pt
Date: Sat, 03 Dec 2005 17:33:39 +0000
Hello all, I recently got a QNX 4.25 vmware image and i found that the dhcp.client shipped with it is suided. This obviously enables a normal user to control the NIC's configuration and produce some other attacks (eg: if the system has some services which depend on 'host/ip based' authentication [NFS,NIS,rlogin, etc]). Some vmware screenshots are available at: http://lms.ispgaya.pt/goodies/qnx/ I havent got access to other QNX installations so, allthough the person who gave me the image said the binary wasnt changed, can anybody else confirm this? Best regards, +--------------------------------- | Luís Miguel Ferreira da Silva | Unidade de Qualidade e Segurança | Centro de Informática | Professor Correia Araújo | Faculdade de Engenharia da | Universidade do Porto
Attachment:
_bin
Description: PGP Public Key
Current thread:
- QNX 4.25 suided dhcp.client binary lms (Dec 03)