Bugtraq: Re: Linux OpenExchange - cleartext rootpw in swap

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Linux OpenExchange - cleartext rootpw in swap

From: Valdis.Kletnieks () vt edu
Date: Thu, 02 Sep 2004 13:24:33 -0400

On Tue, 31 Aug 2004 20:48:50 +0200, Rainer Duffner said:

It would be bad, if a non-priviledged user had access to the swap-partition.
On the two SLOXs I have access to, the swap-partition is only
group-readable by the "disk" group.


At which point, if you can get access to group "disk", you have probably 0wned
the box completely.  So there *is* a privilege escalation issue there.....

Attachment: _bin
Description:

By Date By Thread

Current thread:

Re: Linux OpenExchange - cleartext rootpw in swap Valdis . Kletnieks (Sep 02)
- <Possible follow-ups>
- Re: Linux OpenExchange - cleartext rootpw in swap Joshua Goodall (Sep 03)