*BSD News Article 86726


Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!news.syd.connect.com.au!phaedrus.kralizec.net.au!news.mel.aone.net.au!grumpy.fl.net.au!news.webspan.net!newsfeeds.sol.net!mr.net!netnews.com!howland.erols.net!ais.net!noc.van.hookup.net!nic.mtl.hookup.net!rcogate.rco.qc.ca!n3ott.istar!ott.istar!istar.net!van.istar!west.istar!cal.istar!riscan.riscan.com!theos.com!deraadt
From: deraadt@theos.com (Theo de Raadt)
Newsgroups: comp.unix.bsd.bsdi.misc
Subject: Re: Security hole
Date: 18 Jan 1997 22:41:20 GMT
Organization: Theo Ports Kernels For Fun And Profit
Lines: 14
Message-ID: <DERAADT.97Jan18154120@zeus.theos.com>
References: <32DEEC3F.E23@interlog.com>
NNTP-Posting-Host: zeus.theos.com
In-reply-to: Claude Pio's message of Thu, 16 Jan 1997 22:24:24 -0500
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:5583

In article <32DEEC3F.E23@interlog.com> Claude Pio <pio@interlog.com> writes:

   Folks, I need help. I am running an ISP with a BSDI main server. Users
   have access to shell accounts in this server. The problem is that one
   user has been able to somehow gain enough authority to change passwords
   and delete all kinds of files. Can someone tell me how any user can do
   these things without being super user...

   Any help would be greatly appreciated.....

Numerous ways.  BSDi has many, many easily exploitable security holes.
--
This space not left unintentionally unblank.		deraadt@theos.com
www.OpenBSD.org -- We're fixing security problems so you can sleep at night.