Re: SECURITY PROBLEM: autofs [all versions]

To: "Christopher W. Curtis" <ccurtis@aet-usa.com>, "Debian Devel List" <debian-devel@lists.debian.org>, <debian-security@lists.debian.org>
Subject: Re: SECURITY PROBLEM: autofs [all versions]
From: "Thor" <thor@tech-center.com>
Date: Sat, 1 Jul 2000 10:19:39 +0200
Message-id: <[🔎] 002901bfe335$22654fe0$0101a8c0@zac>
References: <395D40C7.576B8AC8@aet-usa.com>

Hi,


> I'm obviously doing something wrong ...
> 
> I've written to the maintainer of the autofs package according to the
> page summary listed under 'packages' from the website, and as I also saw
> somewhere else (dpkg -s listing?).  I filed a bug report against autofs
> and marked it as release critical.  I have heard nothing for the past
> two (three?) days and need to make this known:
> 
> There is a severe security problem for all debian machines running any
> version of autofs and having a floppy drive available as /dev/fd0.  The
> options listed in /etc/auto.misc fail to include the options
> "nosuid,nodev" and as such anyone with a floppy disk and physical access
> to a floppy drive may become root on that machine.
> 
> Here is the 'sploit:

huh ? and you call this an xploit ?

if you have physical access to the console and floppy drive you can always 
start with a boot + root floppy, mount the hard disk and modify the 
mounted /etc/passwd file ... this is an old trick, usefull when you 
loose the root password ;-)

---
;---+---;
bye |
bye |hor

Reply to:

Follow-Ups:
- Re: SECURITY PROBLEM: autofs [all versions]
  - From: Mark Janssen <maniac@markjanssen.homeip.net>
- Re: SECURITY PROBLEM: autofs [all versions]
  - From: Daniel Burrows <Daniel_Burrows@brown.edu>
- Re: SECURITY PROBLEM: autofs [all versions]
  - From: Alexander Hvostov <vulture@aoi.dyndns.org>

Prev by Date: Re: Debian Critical Mass
Next by Date: modutils 2.3.11-8 - depmod error
Previous by thread: Re: Debian Critical Mass
Next by thread: Re: SECURITY PROBLEM: autofs [all versions]
Index(es):
- Date
- Thread