hi

it seems that potato is vulnerable...

at the console, i entered root at the login: prompt and some bullshit as the password. everything seemed fine, i got a login incorrect message and another login: prompt. now i pressed CTRL-D, and voila:

Dec 20 11:16:27 upcrouter kernel: Security: signal 11 (read or execute addr 0x00000000) sent to login[8421], UID 0, EUID 0, parent init[1], UID 0, EUID 0, by login[8421], UID 0, EUID 0, parent init[1], UID 0, EUID 0

it seems that openwall caught the attack. if i pressed CTRL-D at the first prompt, i just got a login incorrect message.

i made another check by logging in and starting login as root from the command prompt and simply pressing CTRL-D at the login: prompt:

upcrouter:~# login
upcrouter login: Segmentation fault
upcrouter:~#

these checks were made on potato r3 with recent updates, running kernel 2.2.20 with openwall, hap-2 and stealth patches. i checked this on an unpatched woody box as well and i didn't succeed.

comments?

On Thu, 2001-12-20 at 01:06, victor wrote:
> This is a forwarded message
> From: Anton Rager <[EMAIL PROTECTED]>
> To: [email protected]
> Date: Thursday, December 20, 2001, 12:04:59 AM
> Linux distributions and /bin/login overflow
> ===8<==============Original message text===============
> Hello,
>
> It seems that while Redhat Linux and Caldera Linux
> distributions are immune to the recent /bin/login
> environ overflow, other Linux distributions are not.
> Several Linux distributions install /bin/login with
> SysV login options enabled.
>
> Slackware 8.0 and lower [tested with 8.0, 4.0, 3.3]
> has SysV options enabled with /bin/login and is
> vulnerable.
>
> SuSE 6.1 has SysV options enabled with /bin/login and
> is vulnerable. I don't have a newer SuSE release, so
> others will need to verify. It would seem logical that
> SuSE 8.3 still includes the SysV login options
> enabled, and is probably vulnerable as well.
>
> Other distributions should be checked as well. A
> quick way to check for SysV option capabilities is to
> type "login", then enter "root testenv1=test" at the
> login: prompt. Supply your root passwd, and look for
> "testenv1" in the output of set. If it's set, then
> your copy of /bin/login supports SysV options.....and
> is probably vulnerable. Follow similar procedure to
> find overflow possibility/specifics ;)
>
> Regards,
>
> Anton Rager
> [EMAIL PROTECTED]
>
> ===8<===========End of original message text===========

--
__________________________________________
Gergely Trifonov mailto:[EMAIL PROTECTED]
System Administrator, WSD
IND - Interactive Net Design http://www.indweb.hu
Széchenyi u. 70. H - 3530 Miskolc Hungary
Phone: +36 46 505 106 Fax: +36 46 505 107 Mobile: +36 20 395 6476
!Please install IND CA Certification as TRUSTED CA! https://www.indweb.hu/IND.crt
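
An added example, not part of the original message: a Python filter for the kernel "Security: signal" line quoted above, flagging fault signals delivered to watched processes running with EUID 0. The regex is inferred from that single quoted line, and the watch list and two of the three sample lines are constructed.

```python
import re

def _proc(tag):
    # "name[pid], UID n, EUID n" as it appears in the quoted kernel line
    return (rf"(?P<{tag}>[^\[\s]+)\[(?P<{tag}_pid>\d+)\], "
            rf"UID (?P<{tag}_uid>\d+), EUID (?P<{tag}_euid>\d+)")

# Built from the one log line quoted in the message; the wording on other
# kernel or patch versions is not known here (assumption).
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) kernel: Security: "
    r"signal (?P<sig>\d+) \((?P<reason>[^)]*)\) sent to "
    + _proc("target") + ", parent " + _proc("tparent")
    + ", by " + _proc("sender") + ", parent " + _proc("sparent"))

FAULTS = {4: "SIGILL", 7: "SIGBUS", 11: "SIGSEGV"}   # Linux/x86 numbering
WATCHED = {"login", "su", "passwd"}                  # hypothetical watch list

def privileged_crashes(lines):
    """Return one record per fault signal delivered to a watched EUID-0 process."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or int(m["sig"]) not in FAULTS:
            continue
        if m["target"] not in WATCHED or m["target_euid"] != "0":
            continue
        hits.append({
            "time": m["ts"], "host": m["host"],
            "process": m["target"], "pid": int(m["target_pid"]),
            "signal": FAULTS[int(m["sig"])], "reason": m["reason"],
            # same pid on both sides: the process faulted itself, nobody ran kill
            "self_inflicted": m["sender_pid"] == m["target_pid"],
        })
    return hits

ROOT = "UID 0, EUID 0"
USER = "UID 1000, EUID 1000"
SAMPLE = [
    # first entry is the line from the message; the other two are constructed
    "Dec 20 11:16:27 upcrouter kernel: Security: signal 11 (read or execute "
    f"addr 0x00000000) sent to login[8421], {ROOT}, parent init[1], {ROOT}, "
    f"by login[8421], {ROOT}, parent init[1], {ROOT}",
    "Dec 20 11:20:01 upcrouter kernel: Security: signal 11 (read or execute "
    f"addr 0x00000000) sent to vi[900], {USER}, parent bash[899], {USER}, "
    f"by vi[900], {USER}, parent bash[899], {USER}",
    "Dec 20 11:21:40 upcrouter login[8425]: FAILED LOGIN 1 FROM (null) FOR root",
]

if __name__ == "__main__":
    for hit in privileged_crashes(SAMPLE):
        print(hit)
```
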

