Bugtraq mailing list archives
Re: UUCP
From: Bob Howard <reh () umich edu>
Date: Fri, 30 Nov 2001 08:48:17 -0500
Izik wrote:
Hello i've found buffer overflow in uucp. in BSDi platform
...
since uucp is by nature suid. and the ownership is by uucp i don't see the real profit.
Don't know about BSDi, but on Solaris uucp owns tip, uuencode, uudecode, and others. So if I can use this vuln to su uucp, I can trojan e.g. tip. Then the next time root runs what he thinks is tip, I've got the box. Bob -- Robert Howard University of Michigan Lead System Administrator IT Central Services Strategic Projects Operations
Current thread:
- UUCP Izik (Nov 29)
- Re: UUCP Bob Howard (Nov 30)