Vulnerability Development mailing list archives
Re: BSD chfn bug
From: imp () VILLAGE ORG (Warner Losh)
Date: Tue, 21 Dec 1999 12:28:13 -0700
In message <19991220153724.A24141 () hq alert sk> Pavol Luptak writes: : My friend a long time ago found a hole in BSD chfn/chsh/chpass vulnerable i= : n all versions FreeBSD 2.x - 4.0. I don't find any possibility how this exp= : loit. I think, readers of this mailing list will appreciate this. Lukasz Luzar found this months ago. I've been testing his fixes on my machine for some time (mostly becuase I got busy and didn't commit them). I'm going to fix that now. At best you can get a file in /etc/ that is owned by yourself. Warner
Current thread:
- Re: Idiocy "exploit", (continued)
- Re: Idiocy "exploit" Blue Boar (Dec 01)
- Re: Idiocy "exploit" Joel Eriksson (Dec 03)
- Owning privileged processes under UnixWare Tellier, Brock (Dec 06)
- Re: Owning privileged processes under UnixWare Elias Levy (Dec 06)
- Re: Owning privileged processes under UnixWare Blue Boar (Dec 07)
- rpcclient 2.0.5a crashed services.exe Blue Boar (Dec 13)
- Wireless LANs ? Sebastian Andersson (Dec 14)
- [Fwd: rpcclient 2.0.5a crashed services.exe] Blue Boar (Dec 15)
- BSD chfn bug Pavol Luptak (Dec 20)
- Re: BSD chfn bug Przemyslaw Frasunek (Dec 21)
- Re: BSD chfn bug Warner Losh (Dec 21)
- Re: BSD chfn bug Tellier, Brock (Dec 23)
- Re: BSD chfn bug Stanislav N. Vardomskiy (Dec 25)
- Re: BSD chfn bug Michal Zalewski (Jul 21)
- ssh quirks... Scott D. Yelich (Dec 26)
- Re: ssh quirks... Ryan Permeh (Dec 27)
- Re: ssh quirks... Scott D. Yelich (Dec 27)
- Re: ssh quirks... C.J. Oster (Dec 27)
- Re: ssh quirks... Blue Boar (Dec 27)
- Re: ssh quirks... Ralph the Wonder Llama (Dec 27)
- Re: ssh quirks... LaMont Jones (Dec 27)
- Re: Idiocy "exploit" Blue Boar (Dec 01)