Bugtraq mailing list archives
Re: numerous free/paid account systems are vulnerable to privilege elevation attacks
From: Jeff Bachtel <sebastion () IRELANDMAIL COM>
Date: Sun, 12 Nov 2000 20:53:06 -0600
> 1) specific Unix system has to allow the attacker to create his account automatically (usually via www - both in paid and free ISP installations),

Starting off with this, I know of no distribution (of OpenBSD, of RedHat, of Debian etc.) that has any sort of automatic account generation built in. This is a function of the application software used to create the user, and therefore this advisory should be specifically targeted at applications broken in this regard.

Additionally, the useradd tool on OpenBSD is not vulnerable, if the proper syntax is used. For automatic account creation, the command that should be used to create a user and the group to go with it (according to the manpage for useradd) would be:

    useradd -g=uid kmem

to add a user kmem (again, assuming the auto-generation application is dumb enough to accept something like that). The user kmem will be created, and assigned a gid equal to his uid; however, no line will be added to /etc/groups, because a group of that name already exists.

Improper use of useradd is, again, a function of the web account interface, and is beyond the scope of a general unix vulnerability.

jeff
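As an added illustration (not part of the original post or any of the software it mentions), here is the kind of pre-check a web account-creation front end should run before handing a requested username to useradd(8): it refuses names that are malformed or that already exist as a user or group (such as kmem), and only then calls useradd with the explicit "gid equal to uid" form the post cites. The sample passwd/group files, the file-path variables and the function names are constructed for this example.

```sh
#!/bin/sh
# Constructed sample files so the check runs offline; a real deployment
# would point these at /etc/passwd and /etc/group.
PASSWD_FILE="${PASSWD_FILE:-./sample_passwd}"
GROUP_FILE="${GROUP_FILE:-./sample_group}"

setup_samples() {
    cat > "$PASSWD_FILE" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1:The devil himself:/root:/sbin/nologin
alice:*:1000:1000:Alice:/home/alice:/bin/ksh
EOF
    cat > "$GROUP_FILE" <<'EOF'
wheel:*:0:root
kmem:*:2:root
alice:*:1000:
EOF
}

# check_username NAME -> returns 0 if NAME is safe to create, 1 otherwise.
check_username() {
    name=$1
    # Allow only lowercase letters, digits, '-' and '_', starting with a
    # letter: this rules out shell metacharacters and option-looking names.
    case $name in
        ''|*[!a-z0-9_-]*|[!a-z]*) return 1 ;;
    esac
    [ "${#name}" -le 31 ] || return 1
    # Refuse any name that already exists as a user or as a group, so the
    # new account can neither shadow nor inherit a privileged group.
    if cut -d: -f1 "$PASSWD_FILE" | grep -qx -- "$name"; then return 1; fi
    if cut -d: -f1 "$GROUP_FILE" | grep -qx -- "$name"; then return 1; fi
    return 0
}

# create_account NAME: run the check first, then create the user with a
# private group whose gid equals the uid (OpenBSD useradd's "=uid" form).
create_account() {
    check_username "$1" || { echo "refused: $1" >&2; return 1; }
    useradd -m -g =uid "$1"
}
```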