|
Re: lug-bg: Slackware World-Writable Valid Shell List Vulnerability
- Subject: Re: lug-bg: Slackware World-Writable Valid Shell List Vulnerability
- From: firedust@xxxxxxx (Stanislav Lechev)
- Date: Mon, 25 Jun 2001 15:14:33 +0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
to towa e po staro ot sweta
samo deto ne mi e qsno shto go wadqt pak w bugtraq ?!?
w ChangeLog.txt na slack current :
- ----------------------------
Thu Aug 24 16:12:55 PDT 2000
Merged package directories for the A and N series.
a1/bash.tgz, bash1.tgz: Patched install script to ensure that a
newly-created /etc/shells will be chmoded 644.
[.....]
- ----------------------------
Thu Aug 24 14:14:00 PDT 2000
(* Branched new Slackware-current from Slackware 7.1 *)
neznam dali zabelqzwash no towa e pyrwoto neshto koeto e naprawil
Patrick Volkerding kato e pochnal current-a
On Sunday 24 June 2001 14:00, Marian Popov wrote:
> A vulnerability exists in Slackware Linux version 7.1.
>
> During the default installation of Slackware Linux, the /etc/shells file
> is
> installed with world-writable permissions. As a result, it may be possible
> for local users to modify this file and effectively cause a denial of
> service to users attempting to use applications which rely on the data
> contained in the file.
> No exploit is required.
> A workaround is to remove the world-writable permissions from
> the /etc/shells file:
>
> # chmod 644 /etc/shells
>
> This issue has been resolved in the base.tgz package in the Slackware-
> current tree as of August 24, 2000.
>
>
> ==-rw-r--r--=============================
> == Pazardjik.com System Administrator ==
> == GSM: +359 88 975753 ==
> == e-mail: mano@xxxxxxxxxxxxx ==
> =========================================
>
>
> ===========================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
- --
- -===============================================================-
- - Regards, AngelFire -
- - Stanislav Lechev <firedust@xxxxxxx> -
- - PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc -
- - Vega Internet Service Provider (tm) -- http://www.vega.bg -
- -===============================================================-
Everyone is a genius.
It's just that some people are too stupid to realize it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7Nysp8RPXBhiMqewRAu/1AJwKKKuaLQuDiTTtorkoMxf0QZ2WdgCeMqRs
MwrMpH8xmZuBqkhY3JgIMzw=
=/rhl
-----END PGP SIGNATURE-----
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
|
|
|