Bugtraq mailing list archives
[linux-security] sliplogin
From: dholland () hcs HARVARD EDU (David Holland)
Date: Tue, 16 Jul 1996 15:27:19 -0500
Anyone running a version of sliplogin older than sliplogin-2.1.0 (which can be gotten from sunsite.unc.edu:/pub/Linux/system/Network/serial or ftp.uk.linux.org:/pub/linux/Networking/transports) should remove it or upgrade it immediately. It does setuid(0); if (s = system(logincmd)) { : } without clearing the environment first. Therefore, anybody can get root trivially. The sliplogin from NetKit-B-0.06 is affected. Current RedHat sliplogin is not affected. Others I don't know about. -- - David A. Holland | Number of words in the English language that dholland () hcs harvard edu | exist because of typos or misreadings: 381
Current thread:
- Re: at the risk of another flamefest.. Peter Jeremy (Jul 15)
- Re: at the risk of another flamefest.. David Stagner (Jul 15)
- identd hole? Brett L. Hawn (Jul 15)
- Re: identd hole? Rob Quinn (Jul 16)
- <Possible follow-ups>
- Re: at the risk of another flamefest.. Eugene Bradley (Jul 15)
- Re: at the risk of another flamefest.. Eugene Bradley (Jul 15)
- Re: at the risk of another flamefest.. Mike Neuman (Jul 15)
- Re: at the risk of another flamefest.. Brian Clapper (Jul 16)
- Re: at the risk of another flamefest.. David Miller (Jul 16)
- Re: at the risk of another flamefest.. David Stagner (Jul 16)
- [linux-security] sliplogin David Holland (Jul 16)
- Re: at the risk of another flamefest.. Steve \ (Jul 16)
- Re: at the risk of another flamefest.. Eugene Bradley (Jul 16)