Bugtraq mailing list archives
Re: BSD chpass
From: Adrian Chadd <adrian () CREATIVE NET AU>
Date: Wed, 4 Oct 2000 13:40:07 +0800
On Wed, Oct 04, 2000, caddis wrote:
/* * TESO BSD chpass exploit - caddis <caddis () dissension net> * * greets: #!teso, #!w00w00, #hert!, #ozsecurity, #plus613 * */
[snip]
strcat(fmt_string, "EDITOR="); for (x = 0; x < target->count; x++) { strcat(fmt_string, "%8x"); len += 8; }
[snip] Anything after July 28th in RELENG_4 is clean and anything after July 12th on -current is clean, so 4.1 and 4.1.1-RELEASE are not vulnerable. (in vipw/pw_util.c) revision 1.17.2.1 date: 2000/07/20 10:35:27; author: kris; state: Exp; lines: +1 -1 MFC: Don't call vfprintf-like functions without a format string. revision 1.18 date: 2000/07/12 00:49:40; author: kris; state: Exp; lines: +2 -2 Don't call warn() without a format string. Adrian -- Adrian Chadd "If a butterfly flaps its wings in China, <adrian () creative net au> will a woman get naked in Amsterdam?" -- Ashley Penney on Chaos Theory
Current thread:
- BSD chpass caddis (Oct 03)
- Re: BSD chpass Warner Losh (Oct 03)
- User operator under Red Hat 6.2 DIEGO GARCIA _ DIRECCION DE SISTEMAS-. (Oct 04)
- Re: User operator under Red Hat 6.2 Stefan Laudat (Oct 04)
- Re: User operator under Red Hat 6.2 Kurt Seifried (Oct 04)
- User operator under Red Hat 6.2 DIEGO GARCIA _ DIRECCION DE SISTEMAS-. (Oct 04)
- Re: BSD chpass Adrian Chadd (Oct 04)
- Re: BSD chpass Warner Losh (Oct 03)