Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
AW: [suse-security] Linux distributions and /bin/login overflow ( fwd)
  • From: "Bitzer,Gerd" <gerd.bitzer@xxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 20 Dec 2001 13:11:51 +0100
  • Message-id: <B9D5AB46E5DCD411B7B600005A992E7C02CCECE9@xxxxxxxxxxxxxxxxxxxx>
Hi,

I have issued this question a few days ago, short after this topic was
posted on CERT. The only response from Suse until this moment was, that they
will investigate wether this weakness is relevant for Suse Linux or not (or
did I miss the reply ?)

So again, is Suse Linux vulnerable for this remotely exploitable buffer
overflow attack ?


---------
Hi,

This mail was published on Bugtraq. I cannot confirm the issue on
SuSE 7.0, but I have some elder versions running but not tested.
Is this issue limited to console access? It seems that SSHD does
not UseLogin by default. It seems a local privilege problem, is
that correct? Do I have to worry? Can the SysV options disabled
in some config file?

Thank you!

oki,

Steffen

----- Forwarded message from Anton Rager <a_rager@xxxxxxxxx> -----

X-AntiVirus: scanned for viruses by AMaViS 0.2.0-pre6
(http://aachalon.de/AMaViS/)
X-Note: Not addressed to me personaly.
X-Note: Free (web) email service used.
From: Anton Rager <a_rager@xxxxxxxxx>
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Linux distributions and /bin/login overflow
Date: Wed, 19 Dec 2001 15:04:59 -0800 (PST)

Hello,

It seems that while Redhat Linux and Caldera Linux
distributions are immune to the recent /bin/login
environ overflow, other Linux distributions are not.
Several Linux distributions install /bin/login with
SysV login options enabled.

Slackware 8.0 and lower [tested with 8.0, 4.0, 3.3]
has SysV options enabled with /bin/login and is
vulnerable.

SuSE 6.1 has SysV options enabled with /bin/login and
is vulnerable. I don't have a newer SuSE release, so
others will need to verify. It would seem logical that
SuSE 8.3 still includes the SysV login options
enabled, and is probably vulnerable as well.

Other distributions should be checked as well. A
quick way to check for SysV option capabilities is to
type "login", then enter "root testenv1=test" at the
login: prompt. Supply your root passwd, and look for
"testenv1" in the output of set. If it's set, then
your copy of /bin/login supports SysV options.....and
is probably vulnerable. Follow similar procedure to
find overflow possibility/specifics ;)


Regards,

Anton Rager
a_rager@xxxxxxxxx




__________________________________________________
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctions.yahoo.com


----- End forwarded message -----

--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx

< Previous Next >
Follow Ups