Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks
From: hellman <sec () artofit com>
Date: Sun, 12 Nov 2000 21:01:23 +0300

Hello Michal,

Friday, November 10, 2000, 5:37:17 PM, you wrote:

Hm...

There isn't this vulnerablity on FreeBSD systems...

Because adduser is a perl script....

If u use 'pw' to add users
u can define in /etc/pw.conf all information about new added users...
check
'pw -D' command



--
Unix-administrator, Security Analysist

mailto: hellman () freebsd sh < /etc/master.passwd

|| You doesn't need a good teacher, you need a good HEAD ||

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGiBDk2mmwRBADZ35CdgG9sFpIAWW/0z4D+uJc9I6k3CVa6P5XNwk3SQ1UyVkxV
sZiraUNpuUoXRDxxLCo5k9/ZsY0YJ7Cv/Yd/zkxz2rbacHZGX7Mq907Rcls7egQx
sHTyCCKlOAFlBFzg6wyOlkg9jGf88nhojfqkljN65m5u7o6SG5hi5qR8JQCg/5Qz
c+gSu9Mr9Rg9X54V0/ho8BkD/R7t6g+q5DNhTyxl0QyUJXL2OJAYhaujFPJpjgNC
VkALk8fK2O0Li5vD7nY/yAitEIlous5L75YKPQxxRvDd8rBBecCigkgEcQjpiHB7
PEjNRCWfM1Jsv05jWjTeAwoYtsJTulZv1zxvt5Z+D3qPMAFKbVth0jy+KbhrNzvQ
ULAAA/9N/rWTi+5C3t3dv0PxxxPpixy8wAfQLweog9DLkrBVODTAzi7z/+cEP4je
kmEqr4lmL6eWqW5sc2Y67loHp/K4VsoX2kKgVK1UkOAX0Nm0STwWO8hrSIue1Dbe
MnYV+hQkyxc/7Ll1f7+ei/FZCdz9cjQRcLIG2VU16My7deRWDrQeSGVsbF9tYW4g
PGhlbGxtYW5AYXN0cmF0ZWwucnU+iQBOBBARAgAOBQI5NppsBAsDAgECGQEACgkQ
V1wXLAwYCJ3oQwCdHpA5THKyWifi0XODfOYkaoqMZq8AoMo+nPGRndrvgR+k1ar2
UYJDZ6pPuQINBDk2mm0QCAD2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoB
p1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnh
V5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr
5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4
XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zaf
q9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAICCACZsqA5WqknThTy
iW1yQyzsMOvPp72HW4Mup+qfuGUcCQQ+WqDGLMcj42Me1Zk3atVEcjWxMCgbRWPc
DMeoXt/B+/lsaZL207a58qKTP7TChGaDb5yzF2M/3vGI29PtTiyRqwljVdLtFx11
SJkyyIneSGHSbeM9m57Yt6AFxm+nhYLcto8bhAAPPNJmrj45Iyj7DA6X4GEp6BxC
Vs1d7tdl8Dfg3VxtcjbN7QfE1wuxl6C5zzMpl0Z6VNAU5Zg8oQy1w1zFzaq/WrQp
dweLAcgRg/Ej3DviDfz/2YamvXElcee+8vT7r8cCVwZLSAJ+EkrM3JZ6fNvGJH6I
3sjKoYagiQBGBBgRAgAGBQI5NpptAAoJEFdcFywMGAidwScAnj6XEfh7MkLCN8CM
7k7mm8UHd5WeAJ4+XVxbn35j6iZcEct4wQTaylNftw==
=TaEU
-----END PGP PUBLIC KEY BLOCK-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]