Bugtraq mailing list archives

Re: BSD chpass


From: Adrian Chadd <adrian () CREATIVE NET AU>
Date: Wed, 4 Oct 2000 13:40:07 +0800

On Wed, Oct 04, 2000, caddis wrote:
/*
 * TESO BSD chpass exploit - caddis <caddis () dissension net>
 *
 * greets: #!teso, #!w00w00, #hert!, #ozsecurity, #plus613
 *
 */

[snip]

    strcat(fmt_string, "EDITOR=");
    for (x = 0; x < target->count; x++) {
        strcat(fmt_string, "%8x");
        len += 8;
    }

[snip]

Anything after July 28th in RELENG_4 is clean and anything after
July 12th on -current is clean, so 4.1 and 4.1.1-RELEASE are not
vulnerable.

(in vipw/pw_util.c)
revision 1.17.2.1
date: 2000/07/20 10:35:27;  author: kris;  state: Exp;  lines: +1 -1
MFC: Don't call vfprintf-like functions without a format string.

revision 1.18
date: 2000/07/12 00:49:40;  author: kris;  state: Exp;  lines: +2 -2
Don't call warn() without a format string.




Adrian

--
Adrian Chadd                    "If a butterfly flaps its wings in China,
<adrian () creative net au>         will a woman get naked in Amsterdam?"
                                      -- Ashley Penney on Chaos Theory
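
The class of fix named in the two commit messages above, shown as an added example that is not part of the original post or the FreeBSD source. `log_warn`, `report_unsafe`, `report_safe` and `count_directives` are hypothetical names, and the sample EDITOR value is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_msg[256];   /* most recent message, kept for inspection */

/* Hypothetical vfprintf-like logger, standing in for warn(3). */
static void log_warn(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);
    fprintf(stderr, "chpass: %s\n", last_msg);
}

/* BEFORE: caller-influenced text is used as the format string. Any '%'
 * directive in it makes vsnprintf fetch arguments that were never passed. */
const char *report_unsafe(const char *text) { log_warn(text); return last_msg; }

/* AFTER: constant format; the text is data and is copied verbatim. */
const char *report_safe(const char *text) { log_warn("%s", text); return last_msg; }

/* Count the directives the unsafe path would act on ("%%" is a literal '%'). */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    const char *editor = "%8x%8x";   /* constructed sample value */
    printf("directives in input: %d\n", count_directives(editor));
    printf("safe path logged:    %s\n", report_safe(editor));
    /* report_unsafe() is only well-defined for text with no directives. */
    printf("unsafe path, benign: %s\n", report_unsafe("vi"));
    return 0;
}
```

When auditing for this pattern, declaring such wrappers with `__attribute__((format(printf, 1, 2)))` lets `-Wformat-security` flag the `report_unsafe` style of call at compile time.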

