[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] fun with /usr/lib/authenticate
- Subject: Re: [cobalt-security] fun with /usr/lib/authenticate
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Fri, 23 Aug 2002 19:57:32 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Graeme,
> In the best tradition of public full disclosure, indeed it is. You need a
> smattering of shell scripting knowledge to work out where the fault is.
Yepp, there are a couple of flaws in the disclosed script and once they are
fixed, then it works pretty well. I tested it on a RaQ4 with all patches
(including SHP) and it did spawn a rootshell.
> The fix is almost made extremely clear inside the exploit script.
Yeah, it sure is. And I bet we've not seen the last of this problem as there
are more SUID=root binaries which could be exploited in a similar fashion.
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer