Linux Today: Linux News On Internet Time.

O'Reilly Network: Insecurities in a Nutshell: OpenBSD, Zope, syslogd, and More

Dec 29, 2000, 09:04 (0 Talkback[s])
(Other stories by Noel Davis)

"Problems this week include a remote root exploit of OpenBSD and NetBSD, more temporary file problems in Solaris's patchadd and ksh, local root vulnerabilities in Stunnel, syslogd, and klogd, and new tools for man in the middle attacks."

"OpenBSD / NetBSD ftpd
A remote root exploit has been found in the OpenBSD and NetBSD FTP daemons. It's caused by an obscure one byte buffer overflow in ftpd that can grant root access to a remote attacker under some circumstances. OpenBSD ships with ftpd turned off and the attacker must be able to write to a directory. For these reasons it has been reported that read-only OpenBSD FTP servers are safe from this attack."

ksh, the Korn shell, also has a problem with the way it handles temporary files. A script that uses the << syntax can allow a malicious user to write to arbitrary files belonging to the user that is executing the script. Unix distributions that have been reported as being vulnerable include IRIX 6.5.7, HP-UX B.09.00, Tru64 5.0, and Solaris 7. Unix distributions that are reported as having a safe version include Linux, NetBSD, Solaris 8, and HP-UX B.11.00. It is recomended that you check with your vendor for a updated version."

Complete Story

Related Stories: