Re: SECURITY PROBLEM: autofs [all versions]
Thor,
Disable booting from floppy in BIOS, password protect LILO, install
chassis intrusion detection system wired to gun turrets with 50mm heavy
machine guns...
...okay, I think I'm going a little overboard here... ;)
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM>CC/IT d- s:+ a16 C++(++++)>$ UL++++>$ P---() L+++>+ E+>+ W+(-) N o? K? w--()
!O M- !V PS+>+ PE- Y+ PGP t+ !5 X-- !R tv b DI D++
G>+++ e-- h! !r y
------END GEEK CODE BLOCK------
On Sat, 1 Jul 2000, Thor wrote:
> Hi,
>
>
> > I'm obviously doing something wrong ...
> >
> > I've written to the maintainer of the autofs package according to the
> > page summary listed under 'packages' from the website, and as I also saw
> > somewhere else (dpkg -s listing?). I filed a bug report against autofs
> > and marked it as release critical. I have heard nothing for the past
> > two (three?) days and need to make this known:
> >
> > There is a severe security problem for all debian machines running any
> > version of autofs and having a floppy drive available as /dev/fd0. The
> > options listed in /etc/auto.misc fail to include the options
> > "nosuid,nodev" and as such anyone with a floppy disk and physical access
> > to a floppy drive may become root on that machine.
> >
> > Here is the 'sploit:
>
> huh ? and you call this an xploit ?
>
> if you have physical access to the console and floppy drive you can always
> start with a boot + root floppy, mount the hard disk and modify the
> mounted /etc/passwd file ... this is an old trick, usefull when you
> loose the root password ;-)
>
> ---
> ;---+---;
> bye |
> bye |hor
>
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: