lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1118139469.squirrel@r00thell.org>
Date: Tue, 7 Jun 2005 11:17:49 +0100 (BST)
From: "b0iler" <b0iler@...thell.org>
To: bugtraq@...urityfocus.com
Subject: remote command execution in 'tattle'


Hello, a recent bugtraq posting by CISSP C.J. Steele contains a vulnerability which will leave
a box possibly open for remote command execution.  There are many ways to exploit this, but I
chose logging in through ftp with username like

sshd rhost 9 10 11 |rm${IFS}-rf${IFS}/|echo'1.1.1.1'

because of poor input validation and improper use of system calls in tattle this will execute
the rm -rf / and echo'1.1.1.1' commands.  I would assume that in many cases tattle would be
running as root.  The problem is in the getemails subroutine on the line my $whois =
`/usr/bin/whois $tld`;

Author not notified.  I believe he reads this list.
Suggested workaround.  Disable tattle until patch.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ