home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
QRZ! Ham Radio 4
/
QRZ Ham Radio Callsign Database - Volume 4.iso
/
digests
/
tcp
/
940094.txt
< prev
next >
Wrap
Internet Message Format
|
1994-11-13
|
3KB
Date: Thu, 19 May 94 04:30:05 PDT
From: Advanced Amateur Radio Networking Group <tcp-group@ucsd.edu>
Errors-To: TCP-Group-Errors@UCSD.Edu
Reply-To: TCP-Group@UCSD.Edu
Precedence: Bulk
Subject: TCP-Group Digest V94 #94
To: tcp-group-digest
TCP-Group Digest Thu, 19 May 94 Volume 94 : Issue 94
Today's Topics:
UNIVPERM Security Problem (2 msgs)
Send Replies or notes for publication to: <TCP-Group@UCSD.Edu>.
Subscription requests to <TCP-Group-REQUEST@UCSD.Edu>.
Problems you can't solve otherwise to brian@ucsd.edu.
Archives of past issues of the TCP-Group Digest are available
(by FTP only) from UCSD.Edu in directory "mailarchives".
We trust that readers are intelligent enough to realize that all text
herein consists of personal comments and does not represent the official
policies or positions of any party. Your mileage may vary. So there.
----------------------------------------------------------------------
Date: Wed, 18 May 94 14:40:25 CST
From: rtorres@tazz.coacade.uv.mx
Subject: UNIVPERM Security Problem
To: tcpgroup@ucsd.edu
Hi Folks!!. I have a security problem with the univperm permission. When it is
set, anyone can access any of the mailboxes by doing this: By example, your
login is root, and password xxxx. Then someone can access your mailbox by
entering 'root<space><space><space><space>xx', and any password he wants.
Off course it can be easily resolved by verifying that the login does not
contain a separator character before accepting it :), returning a 'wrong login'
message or something so. What do you think??
Greetings!!
Roman
-=-=-=-=-=-=-=-=
Roman Torres
Programmer
rtorres@tazz.coacade.uv.mx
Tazz BBS MEXICO
------------------------------
Date: Wed, 18 May 94 17:32:18 HST
From: tony@mpg.phys.hawaii.edu (Antonio Querubin)
Subject: UNIVPERM Security Problem
To: tcpgroup@ucsd.edu, nos-bbs@hydra.carleton.ca
> Hi Folks!!. I have a security problem with the univperm permission. When it is
> set, anyone can access any of the mailboxes by doing this: By example, your
> login is root, and password xxxx. Then someone can access your mailbox by
> entering 'root<space><space><space><space>xx', and any password he wants.
> Off course it can be easily resolved by verifying that the login does not
> contain a separator character before accepting it :), returning a 'wrong login'
> message or something so. What do you think??
Just put a 'root' entry into ftpusers with an obscure password. Do the same
for any username that has to be secured...
Tony
------------------------------
End of TCP-Group Digest V94 #94
******************************