Subject: Re: BSD chpass
From: Adrian Chadd (adrianCREATIVE.NET.AU)
Date: Wed Oct 04 2000 - 00:40:07 CDT


On Wed, Oct 04, 2000, caddis wrote:
> /*
> * TESO BSD chpass exploit - caddis <caddisdissension.net>
> *
> * greets: #!teso, #!w00w00, #hert!, #ozsecurity, #plus613
> *
> */

[snip]

> strcat(fmt_string, "EDITOR=");
> for (x = 0; x < target->count; x++) {
>     strcat(fmt_string, "%8x");
>     len += 8;
> }

[snip]

Anything after July 28th in RELENG_4 is clean and anything after
July 12th on -current is clean, so 4.1 and 4.1.1-RELEASE are not
vulnerable.

(in vipw/pw_util.c)
revision 1.17.2.1
date: 2000/07/20 10:35:27; author: kris; state: Exp; lines: +1 -1
MFC: Don't call vfprintf-like functions without a format string.

revision 1.18
date: 2000/07/12 00:49:40; author: kris; state: Exp; lines: +2 -2
Don't call warn() without a format string.

Adrian

--
Adrian Chadd			"If a butterfly flaps its wings in China,
<adriancreative.net.au>	    will a woman get naked in Amsterdam?"
				      -- Ashley Penney on Chaos Theory
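
Added example, not part of the original message and not FreeBSD source: the two CVS log entries above describe passing text to a printf-style function as data under a constant format instead of as the format itself. `report()`, `report_unfixed()`, `report_fixed()` and `conversions_in()` are hypothetical names, and the sample strings are constructed; the unfixed path is only exercised with `%%`, which consumes no arguments.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a warn()-style variadic reporter; writes to buf. */
static int report(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    int r;
    va_start(ap, fmt);
    r = vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Pre-fix pattern: caller-influenced text is used as the format itself. */
static int report_unfixed(char *buf, size_t n, const char *text)
{
    return report(buf, n, text);
}

/* Post-fix pattern: constant format, the text travels as an argument. */
static int report_fixed(char *buf, size_t n, const char *text)
{
    return report(buf, n, "%s", text);
}

/* Audit helper: '%' conversions in s other than "%%", i.e. how many
 * directives would be interpreted if s were ever used as a format. */
static int conversions_in(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;                /* "%%" is a literal percent sign */
        else if (s[1] != '\0')
            count++;
    }
    return count;
}

int main(void)
{
    char a[64], b[64];
    const char *sample = "EDITOR=%8x%8x";        /* constructed input */
    report_fixed(a, sizeof a, sample);           /* copied out verbatim */
    report_unfixed(b, sizeof b, "100%% done");   /* "%%" gets interpreted */
    printf("%s (%d) | %s\n", a, conversions_in(sample), b);
    return 0;
}
```

Building with `-Wformat -Wformat-security` flags this pattern at compile time for functions declared with a printf format attribute, which the hypothetical `report()` here deliberately lacks.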