
Re: [cobalt-security] fun with /usr/lib/authenticate



Hi Graeme,

> In the best tradition of public full disclosure, indeed it is. You need a
> smattering of shell scripting knowledge to work out where the fault is.

Yep, there are a couple of flaws in the disclosed script, and once they are
fixed it works pretty well. I tested it on a RaQ4 with all patches
(including SHP) and it did spawn a root shell.

> The fix is almost made extremely clear inside the exploit script.

Yeah, it sure is. And I bet we've not seen the last of this problem as there 
are more SUID=root binaries which could be exploited in a similar fashion.

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer