Bugtraq mailing list archives
Re: passwd -F
From: dan () pasteur fr (Daniel Azuelos)
Date: Wed, 11 May 1994 21:59:49 +0200 (MET DST)
| FYI, this vulnerability exists on 4.1.3_U1. I do not know how
| widespread knowledge of this vulnerability is, but I have seen Suns
| running a modified passwd program that has "-F option disabled" (according
| to the message output by passwd). So somebody out there has known about
| it for a while.

Yes, I remember we found that one in 87, probably with SunOS 3.5.
There was a possibility to corrupt a file in the passwd format with that trick and the NIS (yppasswdd), but apparently no possibility to make a correct change of any passwd. The worst case was the possibility to remove parts of /etc/passwd.

Unfortunately I didn't keep any shell to exhibit this behaviour. And yes, we made a serious bug report to Sun.

Perhaps that's why some persons don't like binary distribution.

--
dan ``Et pourtant ça tourne....''