Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: aterm 0.4.2 tty permission weakness

aterm 0.4.2 tty permission weakness

From: Maarten Tielemans <TTIelu_DaInfraCrew_at_hotmail.com>
Date: 13 Jul 2004 16:04:18 -0000
('binary' encoding is not supported, stored as-is) Aterm has an issue with creating a terminal.

A quick ‘ls –al’ on a aterm with ‘mesg y’ shows:
crw--w--w- 1 alsdk users 5, 3 Jul 13 17:27 /dev/ttyp3
with ‘mesg n’:
crw-----w- 1 alsdk users 5, 3 Jul 13 17:28 /dev/ttyp3

1) World (nobody) is able to ‘echo’ or ‘cat’ towards the terminal
echo “hello” >> /dev/ttyp3
cat mkdir >> /dev/ttyp3
2) The group seems to be incorrect, a normal terminal has default group tty

A xterm with ‘mesg y’ shows :
crw--w---- 1 ttielu tty 5, 5 Jul 13 17:27 ttyp5
and with ‘mesg n’ :
crw------- 1 ttielu tty 5, 5 Jul 13 17:27 ttyp5

Advice: use xterm

Bug found by TTIelu, reverse engineered by alsdk and TTIelu
Received on Jul 13 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]