Full Disclosure mailing list archives

/etc/passwd corruption

From: halfdog <me () halfdog net>
Date: Tue, 25 Jan 2011 19:41:30 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello List,

On ubuntu lucid, I found a way to add corrupted entries to /etc/passwd
e.g. "AAA\n", but not to /etc/shadow. Does someone know a way to use
that for privilege escalation? What is the "+" line handling in
/etc/passwd for?

- -- 
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFNPyd1xFmThv7tq+4RAtVLAJ44RJHARRd9epWky3NlcSCpKjVpjQCfUN9U
IAO/YraGElqW94OJWpVCKSk=
=q/kZ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

/etc/passwd corruption halfdog (Jan 25)
- Re: /etc/passwd corruption John Jacobs (Jan 25)
- <Possible follow-ups>
- Re: /etc/passwd corruption Benji (Jan 25)