Re: Exploit - what to do

To: <debian-security@lists.debian.org>
Subject: Re: Exploit - what to do
From: David Ehle <ehle@iit.edu>
Date: Wed, 18 Jul 2001 10:13:48 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.4.30.0107181009100.24610-100000@hep00.phys.iit.edu>
In-reply-to: <[🔎] Pine.LNX.4.21.0107181621450.32036-100000@gatekeeper.jane.org>

Um Wow... I'm afraid I couldn't agree with you less Richard.

My suggestion would have to be CONTACT the original author of that version
of passwd, and the debian security evaluaters/announcers and let them know
as much as possible about the hole so they can evaluate/fix it.

Your disgression in not posting the details on the open list is
appreciated ;)

Good luck and thank you for your efforts!
           David.
 On Wed, 18
Jul 2001, Richard wrote:

>
> On Wed, 18 Jul 2001, Jerzy Wolinski wrote:
>
> > I found some local root exploit (source and binary).
> > I have run it on some test system. It works on Debian 2.2r2
>
> Is it not decieving you like fakeroot does, are you not running the code
> as a privileged user?
>
> > From source I can see that it uses passwd program,
> > but I have no knowlegde and no time to search how it
> > really works.
> > On debian security alert pages I see nothing about passwd.
> > What should I do?
>
> Since you have no knowlegde and no time, little else but
> to trust the debian security team.
>
> [RicV]
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>

Reply to:

References:
- Re: Exploit - what to do
  - From: Richard <ricv@denhaag.org>

Prev by Date: Re: Exploit - what to do
Next by Date: Re: Exploit - what to do
Previous by thread: Re: Exploit - what to do
Next by thread: Re: Exploit - what to do
Index(es):
- Date
- Thread