Bugtraq mailing list archives

Re: majordomo local exploit

From: atatat () ATATDOT NET (Andrew Brown)
Date: Thu, 30 Dec 1999 18:16:26 -0500

This patch should take care of that problem:

--- majordomo.old       Sat Oct  2 02:30:30 1999
+++ majordomo   Thu Dec 30 04:34:25 1999
@@ -44,6 +44,25 @@
    die("$cf not readable; stopped");
}

+# Check if the cf file is owned by effective uid
+if ((stat($cf))[4] != $>) {
+    die("$cf not owned by effective uid; stopped");
+}
...
Comments?


hmm...race condition?

it would really be better (in this vein) to (a) open the config file,
(b) fstat it (once, not twice) and (c) then read and eval the code
rather using require (since you can't "require" a file handle).

of course...using a config file or perl is nice, since you *can*
simply require it, but a parsed config file that just sets variables
is better since it implicitly disallows attacks like this.

--
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org             * "ah!  i see you have the internet
twofsonet () graffiti com (Andrew Brown)                that goes *ping*!"
andrew () crossbar com       * "information is power -- share the wealth."

Current thread:

Third Party Software Affected by IIS "Escape Character Parsing" V ulnerability, (continued)
- Third Party Software Affected by IIS "Escape Character Parsing" V ulnerability Microsoft Product Security Response Team (Dec 28)
- majordomo local exploit Brock Tellier (Dec 28)
  - $cf Security flaw Shevek (Dec 02)
  - Re: majordomo local exploit Christopher Schulte (Dec 28)
  - Re: majordomo local exploit Todd C. Miller (Dec 28)
    - AltaVista rudi carell (Dec 29)
    - Re: majordomo local exploit Taneli Huuskonen (Dec 29)
    - Re: majordomo local exploit Coolio (Dec 29)
    - Re: majordomo local exploit Henrik Edlund (Dec 29)
    - bna,sh Loneguard (Dec 30)
    - Re: majordomo local exploit Andrew Brown (Dec 30)
    - Re: majordomo local exploit Henrik Nordstrom (Dec 30)
    - Fix for HP-UX automountd/autofs exploit (fwd) Doug Siebert (Dec 30)
    - Re: Fix for HP-UX automountd/autofs exploit (fwd) LaMont Jones (Dec 31)
    - vibackup.sh Loneguard (Dec 31)
    - More info on MS99-061 (IIS escape character vulnerability) .rain.forest.puppy. (Dec 29)
    - Follow UP AltaVista rudi carell (Dec 30)
    - Re: majordomo local exploit Brock Sides (Dec 29)
  - CERT Advisory CA-99-17 Denial-of-Service Tools Aleph One (Dec 29)
  - Re: majordomo local exploit Christopher X. Candreva (Dec 29)
  - The "Mac DoS Attack," a Scheme for Blocking Internet Connections John Copeland (Dec 29)

(Thread continues...)