Home page logo

bugtraq logo Bugtraq mailing list archives

Re: numerous free/paid account systems are vulnerable to privledges elevation attacks
From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Mon, 13 Nov 2000 10:44:01 +0100

On Sun, 12 Nov 2000, Jeff Bachtel wrote:

Starting off with this, I know of no distribution (of OpenBSD, of
RedHat, of Debian etc.) that has any sort of automatic account
generation built in.

That's why I am not saying this vulnerability is a problem of specific
distribution, but of a numerous account creation utils - this problem
seems to be generic, you could use any search engine to locate dozens of
adduser.cgi, adduser.pl amd similar scripts invoking system utilities.

Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]