Bugtraq mailing list archives

[linux-security] sliplogin


From: dholland () hcs HARVARD EDU (David Holland)
Date: Tue, 16 Jul 1996 15:27:19 -0500


Anyone running a version of sliplogin older than sliplogin-2.1.0
(which can be gotten from sunsite.unc.edu:/pub/Linux/system/Network/serial
or ftp.uk.linux.org:/pub/linux/Networking/transports) should remove it
or upgrade it immediately.

It does

        setuid(0);
        if (s = system(logincmd)) {
           :
        }

without clearing the environment first. Therefore, anybody can get
root trivially.

The sliplogin from NetKit-B-0.06 is affected.
Current RedHat sliplogin is not affected.
Others I don't know about.

--
   - David A. Holland          | Number of words in the English language that
     dholland () hcs harvard edu  | exist because of typos or misreadings: 381
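
An added example, not part of the original post and not sliplogin's own code: it runs the same shell command once through system(), which hands the caller's environment to the child, and once through fork()/execve() with a fixed environment, which is the "clearing the environment first" step the post says is missing. The names run_clean, run_inherited and DEMO_TAINT and the PATH value are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the child; nothing is inherited (value is an assumption). */
static char *const clean_env[] = { "PATH=/bin:/usr/bin:/sbin:/usr/sbin", NULL };

/* Run `sh -c cmd` as system() would, but with clean_env instead of the
 * caller's environment. Returns the exit status, or -1 on failure. */
int run_clean(const char *cmd)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "sh", "-c", (char *)cmd, NULL };
        execve("/bin/sh", argv, clean_env);
        _exit(127);                     /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Same command through system(): the child sees every caller variable. */
int run_inherited(const char *cmd)
{
    int status = system(cmd);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *probe = "test -n \"$DEMO_TAINT\"";  /* exit 0 if variable is set */
    setenv("DEMO_TAINT", "caller-controlled", 1);   /* constructed sample value */
    printf("system():  exit %d\n", run_inherited(probe));
    printf("run_clean: exit %d\n", run_clean(probe));
    return 0;
}
```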


