Vulnerability Development mailing list archives
Re: /var/named world writeable in latest slack
From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Thu, 12 Oct 2000 08:50:12 +0200
On Wed, 11 Oct 2000, Jason Storm wrote:
I just installed the latest slack distro from ftp.freesoftware.com, not the ISO btw, and /var/named was world writeable.
If so, it almost for sure means root compromise, AFAIK. As I recall, config file parsing could cause some overflows...
I'm looking for a good job: http://lcamtuf.hack.pl/job.html
_______________________________________________________ Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security] [http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};: =-----=> God is real, unless declared integer. <=-----=
Current thread:
- /var/named world writeable in latest slack Jason Storm (Oct 11)
- Re: /var/named world writeable in latest slack Michal Zalewski (Oct 12)
- Re: /var/named world writeable in latest slack Jason Storm (Oct 12)
- Re: /var/named world writeable in latest slack Michal Zalewski (Oct 12)
- Re: /var/named world writeable in latest slack Jason Storm (Oct 12)
- Re: /var/named world writeable in latest slack Dave McLaughlin (Oct 12)
- Re: /var/named world writeable in latest slack Brian Poole (Oct 13)
- <Possible follow-ups>
- Fw: /var/named world writeable in latest slack Dave McLaughlin (Oct 12)
- Re: /var/named world writeable in latest slack Michal Zalewski (Oct 12)