lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <408DA73D.30501@angrynerds.com>
Date: Mon, 26 Apr 2004 17:20:13 -0700
From: p dont think <pdontthink@...rynerds.com>
To: bugtraq@...urityfocus.com
Subject: Re:  Squirrelmail Chpasswod bof


All,

   Replying to this thread using the web interface didn't seem to work 
at all, so...  Please excuse me effectively starting the thread over, 
but wanted to make sure a follow-up got posted to the list.  See:

http://www.securityfocus.com/archive/1/360547/2004-04-14/2004-04-20/2

 > Hi all
 >
 > There is a boffer over flow in the chpasswd binary, distributed with
 > the plugin. This allow to local's user to execute commands as a root.

   This problem (and several others that were really needing to be 
fixed) has been resolved and a new version of this plugin is available 
at the link below.  Obviously, it is highly recommended that anyone 
using this plugin upgrade immediately.

http://www.squirrelmail.org/plugin_view.php?id=117

   Matias, next time please contact the plugin authors, any of the 
SquirrelMail mailing lists, SquirrelMail IRC, or other SquirrelMail 
developers before posting.

Thanks,

   Paul


 > ---:::Prott:::---
 > root@...o:/mnt/hosting/hack/bof# su webmaster
 > webmaster@...o:/mnt/hosting/hack/bof$ ./exploit 166 5555 99999
 > Using address: 0xbfffe325
 > bash-2.05b$ ./chpasswd $RET asdf asdf
 > The new password is equal to old password. Choose another password.
 > sh-2.05b# id
 > uid=0(root) gid=3(sys) groups=500(webmaster)
 > sh-2.05b#
 > ---:::end:::---
 >
 > Bye all



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ