shadow-19990307 contains security bug that allows new user with UID 65536 to gain root access, without being logged at all, and with ability to bypass /etc/securetty restrictions.
b096ce34fbd435914b9578e6a14af17eDate: Mon, 24 May 1999 20:44:28 +0200
From: Lord Evil <lord_evil@SCART.NU>
To: BUGTRAQ@netspace.org
Subject: UID 65536 and shadow-19990307
Recently one of our admins installed the shadow-19990307 package.
While playing around I noticed that if a new user is created with UID 65536,
he will become root upon login. No root login will be logged, and even if
the tty isn't in /etc/securetty he will be allowed in.
I dont think this is normal behaviour :)
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!