Date: Wed, 04 Oct 2000 00:08:23 -0600
From: Brett Glass <brett@lariat.org>
To: Matt Heckaman <matt@ARPA.MAIL.NET>, Mike Tancsa <mike@sentex.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: BSD chpass
Message-ID: <4.3.2.7.2.20001003235232.0499b980@localhost>
In-Reply-To: <Pine.BSF.4.21.0010040116090.79727-100000@epsilon.lucida.qc.ca>
References: <4.2.2.20001004011210.035225e0@mail.sentex.net>

4.1-RELEASE and 4.1-STABLE do not seem to be vulnerable because the format string bug upon which the exploit relies is gone. (It took me awhile to hunt this one down. It was in /src/usr.sbin/vipw/pw_util.c -- not in the directory with the source for chpass itself.)

4.0-RELEASE and all earlier releases I've tested seem to be vulnerable.

--Brett

At 11:16 PM 10/3/2000, Matt Heckaman wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I've confirmed this to work on 3.5-STABLE as of Sep 21. It did NOT work on
>my 4.1-STABLE or 4.1.1-RELEASE machines, but they could still be
>vulnerable in a method outside the scope of the posted exploit. I just
>found out about this 5 minutes and ran to turn off the suid bit :P