<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: hole in sudo for MP-RAS.

Re: hole in sudo for MP-RAS.

From: Todd C. Miller <Todd.Miller_at_COURTESAN.COM>
Date: Mon, 12 Jan 1998 21:02:51 -0700

The real problem is that there is an assumption in the path
matching code that things will start with '/' but they can
also, of course, start with '.'. Here's the "official" patch
if you will...

- todd

--- parse.c 1996/11/14 02:37:16 1.76
+++ parse.c 1998/01/13 03:59:35
@@ -218,7 +218,7 @@
static char *c;

/* don't bother with pseudo commands like "validate" */
- if (*cmnd != '/')
+ if (*cmnd != '/' && *cmnd != '.')
return(FALSE);

/* only need to stat cmnd once since it never changes */
Received on Jan 12 1998

This message: [ Message body ]
Next message: dsiebert_at_ICAEN.UIOWA.EDU: "Re: hole in sudo for MP-RAS."
Previous message: Cy Schubert - ITSD Open Systems Group: "Re: hole in sudo for MP-RAS."
In reply to: Cy Schubert - ITSD Open Systems Group: "Re: hole in sudo for MP-RAS."
Next in thread: Todd C. Miller: "Re: hole in sudo for MP-RAS."
Reply: Todd C. Miller: "Re: hole in sudo for MP-RAS."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos