[prev in list] [next in list] [prev in thread] [next in thread]
List: vuln-dev
Subject: Re: [VulnWatch] blackshell3: multiple pwck/grpck vulnerabilities
From: "Larry W. Cashdollar" <lwc () vapid ! dhs ! org>
Date: 2002-01-02 14:43:02
[Download RAW message or body]
These are not setuid root on my debian and redhat boxes.
(debian 2.2)
[lwc@borq ~ $] uname -a
Linux borq 2.2.20 #3 Sat Dec 29 22:01:31 EST 2001 i586 unknown
[lwc@borq ~ $] ls -l /usr/sbin/pwck
-rwxr-xr-x 1 root root 19708 Dec 25 09:33 /usr/sbin/pwck
[lwc@borq ~ $] ls -l /usr/sbin/grpck
-rwxr-xr-x 1 root root 22204 Dec 25 09:33 /usr/sbin/grpck
redhat 6.2
$ uname -a
Linux furry 2.2.20 #3 SMP Fri Jun 19 12:10:15 EDT 2001 i686 unknown
$ ls -l /usr/sbin/grpck
-rwxr-xr-x 1 root root 22352 Feb 16 2000 /usr/sbin/grpck
$ ls -l /usr/sbin/pwck
-rwxr-xr-x 1 root root 19536 Feb 16 2000 /usr/sbin/pwck
> Linux (redhat):
>
> # /usr/sbin/pwck `perl -e 'print "X"x3000'`
> Segmentation Fault (core dumped)
> #
>
> # /usr/sbin/grpck `perl -e 'print "X"x3000'`
> Segmentation Fault (core dumped)
> #
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic