Vulnerability Development mailing list archives

Re: /var/named world writeable in latest slack

From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Thu, 12 Oct 2000 08:50:12 +0200

On Wed, 11 Oct 2000, Jason Storm wrote:

I just installed the latest slack distro from ftp.freesoftware.com,
not the ISO btw, and /var/named was world writeable.


If so, it almost for sure means root compromise, AFAIK. As I recall,
config file parsing could cause some overflows...

I'm looking for a good job: http://lcamtuf.hack.pl/job.html


_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

Current thread:

/var/named world writeable in latest slack Jason Storm (Oct 11)
- Re: /var/named world writeable in latest slack Michal Zalewski (Oct 12)
  - Re: /var/named world writeable in latest slack Jason Storm (Oct 12)
    - Re: /var/named world writeable in latest slack Michal Zalewski (Oct 12)
- Re: /var/named world writeable in latest slack Dave McLaughlin (Oct 12)
  - Re: /var/named world writeable in latest slack Brian Poole (Oct 13)
- <Possible follow-ups>
- Fw: /var/named world writeable in latest slack Dave McLaughlin (Oct 12)