From: Sebastian (scut_at_nb.in-berlin.de)
Date: Fri Oct 04 2002 - 01:42:24 CDT

    Hi.

    On Wed, Oct 02, 2002 at 12:00:38PM -0400, buzheng wrote:

    > But, the remote setting of TTYPROMPT does matter. You cannot succeed in
    > login without remotely changing the TTYPROMPT. This is also the bug
    > mentioned in Jonathan's original letter (bid:5531).
     
    Which is plain wrong. This may be true for the 64 times " c" method, but in
    the generic case it does not matter.

    The second bug in login, where login walks out of a 64 (char *) array can be
    exploited remotely to gain root privileges even if you cannot login as root
    legally and even if you do not touch TTYPROMPT at all.

    > If you have applied patches for these 2 bugs, you are safe now.
     
    And everybody should have done so since November 2001.

    > --
    > bu,zheng <buzheng2001yahoo.com>
     
    ciao,
    Sebastian

    -- 
    -. scutnb.in-berlin.de -. + http://segfault.net/~scut/ `--------------------.
    -' segfault.net/~scut/pgp `' 5453 AC95 1E02 FDA7 50D2 A42D 427E 6DEF 745A 8E07
    `- project grasp infiltrated, phantom works falling. hi echelon! ------------'
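
The bug class named in the message above (a parser walking out of a 64-entry `char *` table), as an added example that is not part of the original post and is not the login source: a tokenizer that checks the count before every store. `split_args`, `split_constructed`, `MAXARGS` and the input are hypothetical; only the table size of 64 comes from the post.

```c
#include <stdio.h>

#define MAXARGS 64  /* table size taken from the post; everything else is assumed */

/*
 * Split `line` in place on spaces and tabs, storing a pointer to each token
 * in args[]. Returns the token count, or -1 when the input holds more than
 * MAXARGS tokens (the caller should reject the request).
 */
int split_args(char *line, char *args[MAXARGS])
{
    int n = 0;
    char *p = line;

    for (;;) {
        while (*p == ' ' || *p == '\t')
            p++;
        if (*p == '\0')
            return n;
        if (n >= MAXARGS)      /* without this check, token 65 lands past args[63] */
            return -1;
        args[n++] = p;
        while (*p != '\0' && *p != ' ' && *p != '\t')
            p++;
        if (*p != '\0')
            *p++ = '\0';
    }
}

/* Constructed input: `count` one-letter tokens separated by spaces. */
int split_constructed(int count)
{
    char buf[512];
    char *args[MAXARGS];
    int len = 0;

    for (int i = 0; i < count && len + 2 < (int)sizeof buf; i++) {
        buf[len++] = 'x';
        buf[len++] = ' ';
    }
    buf[len] = '\0';
    return split_args(buf, args);
}

int main(void)
{
    printf("64 tokens -> %d\n", split_constructed(64));
    printf("65 tokens -> %d\n", split_constructed(65));
    return 0;
}
```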