On Wed, 5 Jul 1995, Henri Karrenbeld wrote:

> Date: Wed, 5 Jul 1995 18:44:17 +0100
> From: Henri Karrenbeld <H.Karrenbeld@ct.utwente.nl>
> To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
> Subject: Exploit for Linux wu.ftpd hole
>
> Since Bugtraq is exceptionally quiet lately, I thought I should make it
> come alive again with this discussion of the bug that was reported in
> the wu.ftpd that comes with some Slackware distributions of Linux.
> The report was just before Bugtraq went down for a long time, but
> I've found the bug still to be present on all the Linux machines that
> I have access to. So maybe it needs to be brought a little more in
> the open. Here we go:
>
> ObBug: - Short description of the bug
> <snip>

Fortunately, this bug is mainly fixed by now (I would hope)...

minicom has a known, but not very well-known, hole in it that is nearly
identical to the wu-ftp hole. If you are a legitimate user of a pre-1.71
version of minicom, you can get root. It's the same sort of thing:
seteuid(0), and then make a suid root shell somewhere - you do it by
changing the name of 'runscript' to your shell...

It wouldn't really be much of a problem, except that Linux to this day
(I believe) continues to have the users gonzo, satan, and snake in
minicom.users (or the Slackware release does, at the very least).

---

There also appears to be a bug in syslog. If you do something like:

    grep -v "ROOT" messages > mmm; mv mmm messages

Logging is disabled. I suspect the problem is that the file pointer
maintained by syslog is getting ahead of the physical EOF, and thus
writes will fail, but this is just a guess, and I haven't looked at the
source to Linux's syslog.

---

But a more interesting topic than Linux bugs would be helpful; ever since
the list went moderated, it seems to have gotten mighty quiet.
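Added example, not part of the original post: a Python sketch of the syslog symptom described above, under the assumption that the logger keeps its file descriptor open while the path is replaced. It shows new entries landing in the orphaned old file, a device/inode comparison that detects the mismatch, and that reopening by path restores logging. The function names, temporary paths and log lines are constructed for the illustration.

```python
import os
import tempfile

def log_target_replaced(fd, path):
    """True when `path` no longer names the file that `fd` writes to."""
    try:
        on_disk = os.stat(path)
    except FileNotFoundError:
        return True
    held = os.fstat(fd)
    return (held.st_dev, held.st_ino) != (on_disk.st_dev, on_disk.st_ino)

def demo():
    with tempfile.TemporaryDirectory() as d:
        messages = os.path.join(d, "messages")
        filtered = os.path.join(d, "mmm")
        # Constructed sample log lines.
        with open(messages, "w") as f:
            f.write("Jul  5 18:00:01 host login: ROOT LOGIN on tty1\n"
                    "Jul  5 18:00:09 host kernel: eth0 up\n")
        # Stand-in for the logging daemon: opens the file once, keeps the fd.
        fd = os.open(messages, os.O_WRONLY | os.O_APPEND)
        before = log_target_replaced(fd, messages)
        # Same effect as the grep/mv pair in the post: the path now points
        # at a new inode, while the held fd still refers to the old one.
        with open(messages) as src, open(filtered, "w") as dst:
            dst.writelines(line for line in src if "ROOT" not in line)
        os.replace(filtered, messages)
        # The write succeeds, but into the file that no longer has a name.
        os.write(fd, b"Jul  5 18:01:00 host su: new entry\n")
        after = log_target_replaced(fd, messages)
        with open(messages) as f:
            visible = "new entry" in f.read()
        # Recovery: reopen by path, which is what a daemon does on reload.
        os.close(fd)
        fd = os.open(messages, os.O_WRONLY | os.O_APPEND)
        os.write(fd, b"Jul  5 18:02:00 host su: after reopen\n")
        os.close(fd)
        with open(messages) as f:
            recovered = "after reopen" in f.read()
    return before, after, visible, recovered

if __name__ == "__main__":
    print(demo())
```

A monitor can run the same device/inode comparison against the descriptor a logging process holds to notice that a log file was replaced underneath it.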