Date: Tue Jun  7 13:40:45 2005
From: b0iler at r00thell.org (b0iler)
Subject: remote command execution in 'tattle'

Hello, a recent bugtraq posting by CISSP C.J. Steele contains a vulnerability which will leave
a box possibly open for remote command execution.  There are many ways to exploit this, but I
chose logging in through ftp with username like

sshd rhost 9 10 11 |rm${IFS}-rf${IFS}/|echo'1.1.1.1'

because of poor input validation and improper use of system calls in tattle this will execute
the rm -rf / and echo'1.1.1.1' commands.  I would assume that in many cases tattle would be
running as root.  The problem is in the getemails subroutine on the line

my $whois = `/usr/bin/whois $tld`;

Author not notified.  I believe he reads this list.
Suggested workaround.  Disable tattle until patch.
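
One way to harden the whois call quoted above, as an added example (not tattle's code and not part of the original post): validate the value first, then run whois through list-form open so no shell ever parses it. The helper names is_safe_whois_target and safe_whois and the sample inputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: accept only a plain hostname or dotted IPv4 address.
# Letters, digits, dots and hyphens only; must start and end with a letter
# or digit, so shell metacharacters, whitespace and option-like values
# (leading '-') are all rejected.
sub is_safe_whois_target {
    my ($target) = @_;
    return 0 unless defined $target && length $target;
    return 0 if length $target > 253;
    return $target =~ /\A[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/ ? 1 : 0;
}

# Hypothetical replacement for the backtick call. List-form open hands the
# argument directly to the whois binary; /bin/sh is never involved.
sub safe_whois {
    my ($target) = @_;
    die "rejected whois target\n" unless is_safe_whois_target($target);
    open(my $fh, '-|', '/usr/bin/whois', $target)
        or die "cannot run whois: $!\n";
    local $/;                      # slurp the whole output
    my $out = <$fh>;
    close $fh;
    return defined $out ? $out : '';
}

# Constructed sample inputs, not taken from any real log.
my @samples = (
    'example.org',
    '192.0.2.10',
    'example.org|echo${IFS}x',     # shell metacharacters
    '-h',                          # would be read as an option
    "example.org\n",               # trailing newline
);

for my $s (@samples) {
    (my $shown = $s) =~ s/\n/\\n/g;
    printf "%-26s %s\n", $shown,
        is_safe_whois_target($s) ? 'accepted' : 'rejected';
}

# Performs a real lookup only when a target is given on the command line.
print safe_whois($ARGV[0]) if @ARGV;
```

Either measure alone closes the shell-injection path; using both also keeps option-like or malformed values away from whois itself.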
