Vulnerability Development mailing list archives
Re: [VulnWatch] blackshell3: multiple pwck/grpck vulnerabilities
From: "Larry W. Cashdollar" <lwc () vapid dhs org>
Date: Wed, 2 Jan 2002 09:43:02 -0500 (EST)
These are not setuid root on my debian and redhat boxes. (debian 2.2) [lwc@borq ~ $] uname -a Linux borq 2.2.20 #3 Sat Dec 29 22:01:31 EST 2001 i586 unknown [lwc@borq ~ $] ls -l /usr/sbin/pwck -rwxr-xr-x 1 root root 19708 Dec 25 09:33 /usr/sbin/pwck [lwc@borq ~ $] ls -l /usr/sbin/grpck -rwxr-xr-x 1 root root 22204 Dec 25 09:33 /usr/sbin/grpck redhat 6.2 $ uname -a Linux furry 2.2.20 #3 SMP Fri Jun 19 12:10:15 EDT 2001 i686 unknown $ ls -l /usr/sbin/grpck -rwxr-xr-x 1 root root 22352 Feb 16 2000 /usr/sbin/grpck $ ls -l /usr/sbin/pwck -rwxr-xr-x 1 root root 19536 Feb 16 2000 /usr/sbin/pwck
Linux (redhat): # /usr/sbin/pwck `perl -e 'print "X"x3000'` Segmentation Fault (core dumped) # # /usr/sbin/grpck `perl -e 'print "X"x3000'` Segmentation Fault (core dumped) #
Current thread:
- Re: [VulnWatch] blackshell3: multiple pwck/grpck vulnerabilities Larry W. Cashdollar (Jan 02)