Re: NCSA httpd 1.3 vulnerability still unsolved? (And where to go to solve it?)



Scott-
    You argued with the potential damage of a telnet server installed
into a 'nobody' account.  I will point out some work-arounds to your 
arguments:

You said the password would have to be changed.  Actually, only if you wish
to use passwords and the system password for login.  Actually, you do not
need to use login.

You said that 'nobody' has no home directory.  How about using /var/tmp?
/tmp?

You mentioned that 'nobody' might have a hard time transferring a telnet
server.  What if 'nobody' ran a shell with stdin and stdout connected to
a socket -- say at port 4567?  This shell would execute the commands sent
in on this port.

Now, I realize that this process would run as 'nobody', but the fact that
you have shell access to a UNIX system means you have an excellent chance
at compromising it.

I hope this helps,

   Quentin
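
A defender's check for the scenario in this message, added here as an example and not part of the original post: it scans a socket table in Linux /proc/net/tcp format for listening TCP sockets owned by the 'nobody' uid. The uid value 65534, the function name and the sample table are assumptions constructed for illustration.

```python
# Flag listening TCP sockets owned by an unprivileged service account.
# A web server normally binds its port as root and only then drops to
# 'nobody', so a listener created by 'nobody' itself is worth a look.

# Constructed sample in Linux /proc/net/tcp format (not data from the post).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10001 1 0000000000000000 100 0 0 10 0
   1: 00000000:11D7 00000000:0000 0A 00000000:00000000 00:00000000 00000000 65534        0 10002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0050 0100007F:C350 01 00000000:00000000 00:00000000 00000000 65534        0 10003 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"    # kernel state code for LISTEN
NOBODY_UID = 65534   # assumption: common Linux value; check /etc/passwd


def listeners_owned_by(table_text, uid, allowed_ports=frozenset()):
    """Return [(port, inode)] for LISTEN sockets owned by uid.

    Ports in allowed_ports are skipped, for services that are
    legitimately started under that account.
    """
    findings = []
    for line in table_text.splitlines():
        fields = line.split()
        # Data rows start with "N:"; this skips the header and blank lines.
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue
        local, state, owner = fields[1], fields[3], int(fields[7])
        if state != TCP_LISTEN or owner != uid:
            continue
        # local_address is HEXIP:HEXPORT; only the port is needed here.
        port = int(local.rsplit(":", 1)[1], 16)
        if port not in allowed_ports:
            findings.append((port, int(fields[9])))
    return findings


if __name__ == "__main__":
    for port, inode in listeners_owned_by(SAMPLE, NOBODY_UID):
        print(f"listener on port {port} owned by uid {NOBODY_UID}, inode {inode}")
```

On a live Linux host the same function can be given the contents of /proc/net/tcp, and the reported inode can be matched against the socket entries under /proc/<pid>/fd to find the owning process.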