Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Solaris /usr/bin/cu Vulnerability
From: Wietse Venema <wietse () PORCUPINE ORG>
Date: Fri, 19 Jan 2001 13:02:45 -0500

On Thu, Jan 18, 2001 at 11:57:12PM +0100, Konrad Rieck wrote:
cu is only set setuid for the owner uucp and an attacker won't gain any
special privileges, but he would gain access to the files in /etc/uucp.

Michael H. Warfield:
      Correction...  He does gain special privileges.  He gains access
to all the uucp control files which can contain account names and passwords
on other systems.  It ain't root, but it's more than what he should have.

It is worse than that. Once UUCP privilege is gained you can replace
the UUCP executables. That gives you full control over any user that
happens to execute those UUCP executables - a root-owned cron job,
a sendmail.cf mailer rule that executes as daemon, and so on.

        Wietse


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]