Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 21 Jan 2001 02:24:26 -0800
From:      Kris Kennaway <kris@FreeBSD.ORG>
To:        Alex Charalabidis <alex@wnm.net>
Cc:        Thakingfish <thakingfish@hal3000.cx>, freebsd-questions@FreeBSD.ORG
Subject:   Re: dnetc in FBSD
Message-ID:  <20010121022426.C63217@citusc17.usc.edu>
In-Reply-To: <Pine.BSF.4.21.0101210325400.35451-100000@earth.wnm.net>; from alex@wnm.net on Sun, Jan 21, 2001 at 03:31:26AM -0600
References:  <000501c08385$163169c0$0200000a@hal3000.cx> <Pine.BSF.4.21.0101210325400.35451-100000@earth.wnm.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

--9Ek0hoCL9XbhcSqy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Jan 21, 2001 at 03:31:26AM -0600, Alex Charalabidis wrote:
> On Sun, 21 Jan 2001, Thakingfish wrote:
>=20
> > Hi,
> > whats this all about?
> >
> > Revision 1.20 / (download) - annotate - [select for diffs], Sun Jan 21
> > 00:48:20 2001 UTC (7 hours, 49 minutes ago) by kris
> > Branch: MAIN
> > CVS Tags: HEAD
> > Changes since 1.19: +2 -1 lines
> > Diff to previous 1.19 (colored)
> > Mark FORBIDDEN; local buffer overflows yielding user nobody.
> >=20
> Looking at the Makefile, it appears that dbaker himself marked
> it. Straight from the horse's mouth, though the horse doesn't seem to have
> told anyone anything so far... I'm sure it'll get its fair share of
> publicity soon enough.

No, it was me ("kris" :-). It means what it says; the dnetc client is
installed setuid nobody, and I discovered that it has locally
exploitable buffer overflows which can be used to gain the privileges
of that user. On many systems the nobody user actually has ownership
of some files, etc, and may even be used to run services (the apache
ports are a prime offender here), so this is a potential security risk
on those systems.

Kris

--=20
NOTE: To fetch an updated copy of my GPG key which has not expired,
finger kris@FreeBSD.org

--9Ek0hoCL9XbhcSqy
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6arjZWry0BWjoQKURAhqOAJ96qXEwck3evmKQlws4HH9Q0NptUQCg4Cgk
Gn4m1cxBOf51ltsM+hBVjVI=
=i38g
-----END PGP SIGNATURE-----

--9Ek0hoCL9XbhcSqy--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010121022426.C63217>