Vulnerability Development mailing list archives
Re: /var/named world writeable in latest slack
From: Jason Storm <sec () ORGONE NEGATION NET>
Date: Thu, 12 Oct 2000 00:32:08 -0700
On Thu, 12 Oct 2000, Michal Zalewski wrote:
> On Wed, 11 Oct 2000, Jason Storm wrote:
>
> > I just installed the latest slack distro from ftp.freesoftware.com, not the ISO btw, and /var/named was world writeable.
>
> If so, it almost for sure means root compromise, AFAIK. As I recall, config file parsing could cause some overflows...

I sincerely doubt the box was hacked </famous last words>; named was never running for one thing (it's commented out of rc.inet2 by default), and this was found literally within 2 minutes of the first reboot after the install. Those 2 minutes were spent locking down inetd.conf and terming all rpc services. Plus it was behind a firewall.. and while yes, someone could have nailed it from another machine on the LAN, it just doesn't seem as likely as another packaging oversight (/etc/shells and such)..

> I'm looking for a good job: http://lcamtuf.hack.pl/job.html
> _______________________________________________________
> Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
> [http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
> =-----=> God is real, unless declared integer. <=-----=

-jason storm negation industries
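
Added example, not part of the original thread: a post-install check that reports directories every local user can write to, separating the /var/named case (no sticky bit) from the /tmp pattern. The function names and the sample tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): post-install check for directories
# that every local user can write to, such as the /var/named case above.

# World-writable directories WITHOUT the sticky bit: any user can create,
# rename or delete entries in them, whoever owns the files.
open_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# World-writable directories WITH the sticky bit (the /tmp pattern): still
# worth reviewing, but users cannot remove each other's files.
sticky_dirs() {
    find "$1" -xdev -type d -perm -0002 -perm -1000 -print 2>/dev/null | sort
}

# Print a report for the tree at $1; return 1 if any open directory exists.
audit() {
    open_dirs "$1" | while IFS= read -r d; do
        printf 'OPEN   %s  %s\n' "$(ls -ld "$d" | awk '{print $1, $3, $4}')" "$d"
    done
    sticky_dirs "$1" | while IFS= read -r d; do printf 'sticky %s\n' "$d"; done
    [ -z "$(open_dirs "$1")" ]
}

# Constructed sample tree standing in for a fresh install (hypothetical layout).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/var/named" "$t/var/tmp" "$t/etc"
    chmod 0777 "$t/var/named"   # the condition reported in the thread
    chmod 1777 "$t/var/tmp"     # world-writable but sticky
    chmod 0755 "$t/etc" "$t/var"
    echo "$t"
}

# Usage: sh audit.sh /var   (exit status 1 means an open directory was found)
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

Running it against `/var` and `/etc` right after the first boot, before any service is enabled, separates packaging defaults from later changes.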