Bugtraq mailing list archives

Re: Exploit for Linux wu.ftpd hole

From: medulla () infosoc com (Mike Edulla)
Date: Sat, 8 Jul 1995 01:02:18 -0400


On Thu, 6 Jul 1995, Michael Shields wrote:

Date: Thu, 6 Jul 1995 23:33:54 +0000
From: Michael Shields <shields () tembel org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ () CRIMELAB COM>
Subject: Re: Exploit for Linux wu.ftpd hole

minicom has a known, but not very well-known hole in it that is nearly
identical to the wu-ftp hole. If you are a legitimate user of a pre 1.71
version of minicom, you can get root,


What is minicom doing as root?  It should be setgid dialout.

Is Slackware really doing that?


According to the minicom docs, minicom is designed to be suid root, and
won't work otherwise, and thats how its installed. You're right though,
it should be sgid UUCP or whatever...

But...The bug has been fixed, although third party suid root programs are
always suspicious.

When you move something on top of messages, messages is unlinked.
The file is still open, but no longer accessible through the directory
structure.


Can this not be detected? Obviously the write will fail, when this occurs
- should not syslogd reopen (or attempt to reopen) the messages file, and
make a note of the problem as a debug warning? Or is there something that
makes this impossible/impractical.

Current thread:

Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4), (continued)
- - - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Aleph One (Jul 13)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Jeremy Fitzhardinge (Jul 13)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) James W. Abendschan (Jul 12)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Lyndon Nerenberg (Jul 12)
    - Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4) Aleph One (Jul 13)
    - Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Karl Strickland (Jul 10)
    - Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Perry E. Metzger (Jul 10)
    - Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing BioH (Jul 10)
    - Re: Exploit for Linux wu.ftpd hole Nathan Lawson (Jul 09)
  - Re: Exploit for Linux wu.ftpd hole Michael Shields (Jul 06)
    - Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 07)
- Why are we using priveleged images / state so much? (Was Re: Paul Robinson (Jul 06)
  - Re: Why are we using priveleged images / state so much? (Was Re: Dr. Frederick B. Cohen (Jul 06)
  - Details of linux select(2) bug? Karl Strickland (Jul 07)
  - SM 8.6.12 Nathan Lawson (Jul 08)
    - Re: SM 8.6.12 Karl Strickland (Jul 08)
    - Re: SM 8.6.12 Christopher A. Stewart (Jul 11)
    - Re: SM 8.6.12 Mark A. Fullmer (Jul 13)
    - Re: SM 8.6.12 Eric Allman (Jul 16)
    - inetd probs Mark (Jul 17)
    - Re: SM 8.6.12 Pat The Friendly RedNeck (Jul 17)

(Thread continues...)