Home page logo

bugtraq logo Bugtraq mailing list archives

From: Bob Howard <reh () umich edu>
Date: Fri, 30 Nov 2001 08:48:17 -0500

Izik wrote:


i've found buffer overflow in uucp. in BSDi platform
since uucp is by nature suid. and the ownership is by uucp
i don't see the real profit.

Don't know about BSDi, but on Solaris uucp owns tip, uuencode, uudecode,
and others.  So if I can use this vuln to su uucp, I can trojan e.g.
tip.  Then the next time root runs what he thinks is tip, I've got the

Robert Howard                   University of Michigan
Lead System Administrator       IT Central Services
Strategic Projects Operations

  By Date           By Thread  

Current thread:
  • UUCP Izik (Nov 29)
    • Re: UUCP Bob Howard (Nov 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]