Bugtraq mailing list archives
Re: kscd vulnerability
From: k8e () TURBOLINUX COM (Katherine M. Moussouris)
Date: Thu, 25 May 2000 23:50:35 -0700
On Thu, 25 May 2000, Sebastian wrote:
On Wed, 24 May 2000, Matt Wilson wrote:Red Hat Linux does not ship kscd setuid. MattI never said so. I said it comes _setgid_ disk. I never wrote about RedHat even. Exploit was tested uner SuSE 6.4 only.
Sebastian's exploit does NOT work against TurboLinux versions 6.0.4 and earlier. According to the comments in his perl script "7350kscd," an affected system has kscd setgid disk. TurboLinux, by default, does NOT do this. -k8e
<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Katie Moussouris Software Engineer k8e () turbolinux com Security Tzarina (650)228-5000 TurboLinux, Inc.
Current thread:
- Re: New Solaris root exploit for /usr/lib/lp/bin/netpr Darren Moffat - Solaris Sustaining Engineering (May 15)
- Re: New Solaris root exploit for /usr/lib/lp/bin/netpr Jeremy Rauch (May 15)
- Re: New Solaris root exploit for /usr/lib/lp/bin/netpr Casper Dik (May 15)
- kscd vulnerability Sebastian (May 16)
- Re: kscd vulnerability Matt Wilson (May 24)
- Re: kscd vulnerability Sebastian (May 25)
- more majordomo brokeness Federico G. Schwindt (May 23)
- Re: more majordomo brokeness Richard Trott (May 31)
- I think Jay Mobley (May 23)
- Re: kscd vulnerability Katherine M. Moussouris (May 25)
- Re: New Solaris root exploit for /usr/lib/lp/bin/netpr Jeremy Rauch (May 15)
- Re: Cisco Bug James Sneeringer (May 16)
- Security Bulletins Digest (fwd) Mike Bush (May 17)
- Re: Banner Rotation 01 Joao Pedro Gonçalves (May 17)