Return to BSD News archive
Newsgroups: comp.unix.bsd.bsdi.misc Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!spool.mu.edu!agate!howland.erols.net!news.mathworks.com!uunet!in2.uu.net!208.192.224.3!news.interactive.net!ritz From: ritz@onyx.interactive.net (Chris Mauritz) Subject: Re: Security hole X-Nntp-Posting-User: ritz Organization: IBS Interactive, Inc. Lines: 24 Message-ID: <E4AAyu.GD2@news.interactive.net> References: <32DEEC3F.E23@interlog.com> <DERAADT.97Jan18154120@zeus.theos.com> <5bstum$84v@duke.telepac.pt> <5bue0s$psh@tofu.alt.net> X-Trace: 853725700/21192 X-Nntp-Posting-Host: onyx.interactive.net Date: Mon, 20 Jan 1997 02:01:41 GMT Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:5647 Matt Bancroft <matt@tiiap.mec.edu> is rumoured to have written: :) Mad (mad@grupo.bfe.pt) wrote: :) : In article <DERAADT.97Jan18154120@zeus.theos.com>, deraadt@theos.com (Theo de Raadt) wrote: :) : >>In article <32DEEC3F.E23@interlog.com> Claude Pio <pio@interlog.com> writes: :) : >> Folks, I need help. I am running an ISP with a BSDI main server. Users :) : >> have access to shell accounts in this server. The problem is that one :) : >> user has been able to somehow gain enough authority to change passwords :) : >> and delete all kinds of files. Can someone tell me how any user can do :) : >> these things without being super user... :) : >> :) : >> Any help would be greatly appreciated..... :) : >Numerous ways. BSDi has many, many easily exploitable security holes. :) : Such as? :) Security problems in lpr, sendmail and adduser come to mind at the moment... None of these holes are a risk if you have all the latest patches installed. Chris -- Christopher Mauritz | For info on internet access: ritz@interactive.net | finger/mail info@interactive.net OR IBS Interactive, Inc. | http://www.interactive.net/