Sure are. 

However, keeping users off the box is a big step forward. It is a lot
easier to break in if you have shell access.

What I am listing here are some old bugs; most have been patched.
* LPD buffer overflow
* IMAP buffer overflow
* sendmail and kernel 2.2.14/15 set compat bug (was a kernel bug, just that
  sendmail was the outside access point)

Just to name a few.

There is no substitute for monitoring and applying bug fixes when they come
out.


On Sat, 5 Aug 2000, Steven Clark wrote:

> Date: Sat, 5 Aug 2000 20:21:26 -0400
> From: Steven Clark <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: Redhat List <[EMAIL PROTECTED]>
> Subject: Security Risks?
> 
> Hi everyone once again ;)
> 
> I was wondering what would be the security risks if users that don't have
> any ssh/telnet/ftp, basically no interactive access to a machine, if they
> all used the same UID?
> 
> The useradd prog lets me use the same UID as long as the -o option is passed
> to it. Now I know if one does break in they would be able to read every
> shared UID's mail, anything else though really?
> 
> I tried this on a test box, sendmail and imap ( using pop3 daemon ) seem to
> behave nicely.
> 
> So really are there any real security risks as long as the users are kept out
> of the box?
> 
> Thanks again,
> Steven
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
> 
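An added example, not part of the original thread: a shell function that lists accounts sharing a UID in a passwd-format file and flags any group where a member still has a login shell, which is the condition the "no interactive access" premise depends on. The account names, the sample entries and the list of non-login shells are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for accounts that share a UID.
# Shells treated as non-interactive (assumption; adjust per site).
NOLOGIN_SHELLS="/sbin/nologin /usr/sbin/nologin /bin/false"

# shared_uid_report FILE
# Prints one line per shared UID: "<uid> <status> <name,name,...>".
# status is "login-capable" if any account in the group has a shell outside
# NOLOGIN_SHELLS (an empty shell field means the default shell, so it counts).
shared_uid_report() {
    awk -F: -v nologin="$NOLOGIN_SHELLS" '
        BEGIN { n = split(nologin, s, " "); for (i = 1; i <= n; i++) deny[s[i]] = 1 }
        /^#/ || NF < 7 { next }              # skip comments and malformed lines
        {
            uid = $3
            if (count[uid]++) names[uid] = names[uid] "," $1
            else names[uid] = $1
            if (!($7 in deny)) login[uid] = 1
        }
        END {
            for (uid in count)
                if (count[uid] > 1)
                    printf "%s %s %s\n", uid, \
                        ((uid in login) ? "login-capable" : "no-login"), names[uid]
        }
    ' "$1" | sort -n
}

# Constructed sample: mail-only accounts created in pairs with
# "useradd -o -u <uid>"; one of them was left with a real shell.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mail1:x:600:600::/home/mail1:/bin/false
mail2:x:600:600::/home/mail2:/bin/false
pop1:x:601:601::/home/pop1:/bin/false
pop2:x:601:601::/home/pop2:/bin/bash
steve:x:500:500::/home/steve:/bin/bash
EOF
shared_uid_report "$SAMPLE"
```

Run against the real file with `shared_uid_report /etc/passwd`; any "login-capable" line means one member of a shared-UID group can act as every other member of that group.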



