From: David Terrell (dbtmeat.net)
Date: Thu Sep 20 2001 - 16:59:39 CDT

    On Thu, Sep 20, 2001 at 09:48:34PM +0200, Przemyslaw Frasunek wrote:
    > [snip]
    > in session.c, which allows to read ANY file in system with superuser
    > privileges, by defining:
    >
    > default:\
    > :copyright=/etc/master.passwd:
    > or
    > :welcome=/etc/master.passwd:
    > in user's ~/.login_conf.
    >
    > [snip telnetd/login]
    > default:\
    > :nologin=/etc/master.passwd:
    >
    > [blah blah FreeBSD core]
    >
    > Official advisory is pending. It's possible, that other *BSD systems,
    > supporting login capability database are also vulnerable.

    I can't duplicate either of these with OpenBSD 2.9.

    -- 
    David Terrell            | "My question is, if a mime types, isn't 
    dbtmeat.net             |  that kinda cheating?"
    http://wwn.nebcorp.com/  |    - Jason Zych
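
The quoted report turns on file-valued capabilities in a user's `~/.login_conf` being opened with superuser privileges. As an added example (not part of the original message or of any BSD source), this Python audit parses a login_conf-style file and flags `copyright`, `welcome` and `nologin` entries that point at files the account itself cannot read; the function names, the sample uid and the mode-bit-only permission check are assumptions of this sketch.

```python
import os
import stat

# File-valued capabilities named in the quoted report.
FILE_CAPS = ("copyright", "welcome", "nologin")

# Constructed sample: the entries from the report in ~/.login_conf syntax.
SAMPLE = "default:\\\n\t:copyright=/etc/master.passwd:\\\n\t:nologin=/etc/master.passwd:\n"

def parse_login_conf(text):
    """Parse termcap-style records into {class: {capability: value}}."""
    records = {}
    # A trailing backslash continues the record on the next line.
    for line in text.replace("\\\n", "").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        caps = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
        records[fields[0].split("|")[0]] = caps
    return records

def unreadable_by(path, uid, gids=()):
    """True if path exists and its mode bits deny read to uid/gids.
    Simplification: ACLs, file flags and directory search bits are ignored."""
    try:
        st = os.stat(path)  # follows symlinks to the real target
    except OSError:
        return False        # missing, or the auditor itself may not stat it
    if uid == 0:
        return False
    if st.st_uid == uid:
        return not st.st_mode & stat.S_IRUSR
    if st.st_gid in gids:
        return not st.st_mode & stat.S_IRGRP
    return not st.st_mode & stat.S_IROTH

def audit(text, uid, gids=()):
    """Return [(class, capability, path)] the account could not read itself."""
    parsed = parse_login_conf(text)
    return [(cls, cap, caps[cap]) for cls, caps in parsed.items()
            for cap in FILE_CAPS if cap in caps and unreadable_by(caps[cap], uid, gids)]

if __name__ == "__main__":
    # uid 1001 is a constructed, hypothetical unprivileged account.
    for finding in audit(SAMPLE, 1001):
        print("suspicious:", *finding)
```

Run it as root over each account's `~/.login_conf` so that `os.stat` can reach every referenced path.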