| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Apr 2004 17:20:13 -0700 From: p dont think <pdontthink@...rynerds.com> To: bugtraq@...urityfocus.com Subject: Re: Squirrelmail Chpasswod bof All, Replying to this thread using the web interface didn't seem to work at all, so... Please excuse me effectively starting the thread over, but wanted to make sure a follow-up got posted to the list. See: http://www.securityfocus.com/archive/1/360547/2004-04-14/2004-04-20/2 > Hi all > > There is a boffer over flow in the chpasswd binary, distributed with > the plugin. This allow to local's user to execute commands as a root. This problem (and several others that were really needing to be fixed) has been resolved and a new version of this plugin is available at the link below. Obviously, it is highly recommended that anyone using this plugin upgrade immediately. http://www.squirrelmail.org/plugin_view.php?id=117 Matias, next time please contact the plugin authors, any of the SquirrelMail mailing lists, SquirrelMail IRC, or other SquirrelMail developers before posting. Thanks, Paul > ---:::Prott:::--- > root@...o:/mnt/hosting/hack/bof# su webmaster > webmaster@...o:/mnt/hosting/hack/bof$ ./exploit 166 5555 99999 > Using address: 0xbfffe325 > bash-2.05b$ ./chpasswd $RET asdf asdf > The new password is equal to old password. Choose another password. > sh-2.05b# id > uid=0(root) gid=3(sys) groups=500(webmaster) > sh-2.05b# > ---:::end:::--- > > Bye all
Powered by blists - more mailing lists