O'Reilly Network: Insecurities in a Nutshell: OpenBSD, Zope, syslogd, and More
Dec 29, 2000, 09:04 (0 Talkback[s])
(Other stories by Noel Davis)
"Problems this week include a remote root exploit of OpenBSD
and NetBSD, more temporary file problems in Solaris's patchadd and
ksh, local root vulnerabilities in Stunnel, syslogd, and klogd, and
new tools for man in the middle attacks."
"OpenBSD / NetBSD ftpd
A remote root exploit has been found in the OpenBSD and NetBSD FTP
daemons. It's caused by an obscure one byte buffer overflow in ftpd
that can grant root access to a remote attacker under some
circumstances. OpenBSD ships with ftpd turned off and the attacker
must be able to write to a directory. For these reasons it has been
reported that read-only OpenBSD FTP servers are safe from this
attack."
"ksh
ksh, the Korn shell, also has a problem with the way it handles
temporary files. A script that uses the << syntax can allow a
malicious user to write to arbitrary files belonging to the user
that is executing the script. Unix distributions that have been
reported as being vulnerable include IRIX 6.5.7, HP-UX B.09.00,
Tru64 5.0, and Solaris 7. Unix distributions that are reported as
having a safe version include Linux, NetBSD, Solaris 8, and HP-UX
B.11.00. It is recomended that you check with your vendor for a
updated version."
Complete Story
Related Stories:
- O'Reilly Network: Insecurities in a Nutshell: SAMBA, pine, ircd, and More(Dec 27, 2000)
- O'Reilly Network: Insecurities in a Nutshell: KTH Kerberos, Red Hat PAM, and More(Dec 14, 2000)
- O'Reilly Network: Insecurities in a Nutshell: Twig, Midnight Commander, and More(Dec 08, 2000)
- O'Reilly Network: Insecurities in a Nutshell: Koules Local Root Exploit And More(Nov 29, 2000)
- O'Reilly Network: Insecurities in a Nutshell: Vixie cron Exploit and More(Nov 22, 2000)
