Date: Sun, 1 Nov 1998 21:08:39 -0400
From: Config Urator <root@OBERPHLOW.ORG>
Subject: lightbar vulnerability
To: BUGTRAQ@NETSPACE.ORG

Lightbar Vulnerability - Found 11/01/98 by OberphloW (Config Urator)
---------------------------------------------------------------------
any reply to: config@i-p-d.com

- Gives
  * remote root access

- How?
  Ok. here we start, i download lightbar, install, configure, and run.
  kewlio, it works and all, suddenly that cute "guest" option gets my
  attention. so i decide to check it out. here is the bug.
  if lightbar doesn't find or can't execute the file it's supposed to
  execute for the "guest" account it will just drop you a bash! and it
  doesn't even bother to setuid() setgid() to guest. so it drops a
  REMOTE ROOT BASH to anyone who logs in as guest.

- How do i make sure sum1 doesn't use this against me?
  easy, just make sure no1 can erase or change permissions of the file
  that "guest" account will execute.

- How to fix this if i'm stupid and want ppl to have +w to the file?
  on: shell.c
  remove lines from: 163 to 170

att...
Config Urator (config@i-p-d.com)
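The post names two defects: a shell fallback when the guest program cannot be executed, and no setuid()/setgid() to the guest account. The following is an added example, not lightbar's source and not part of the original post, of a launch path that drops privileges first and fails closed when exec fails. The function names, the 126/127 exit codes and the sample path are assumptions made for illustration.

```c
/* Added example, not lightbar source: launch the guest program with
 * privileges dropped first and no shell fallback when exec fails. */
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs in the child only. Never returns: exec succeeds or the child exits. */
static void exec_as_guest(const char *path, uid_t uid, gid_t gid)
{
    char *const argv[] = { (char *)path, NULL };
    /* Order matters: supplementary groups and gid first, uid last,
     * because after setuid() the process can no longer change groups. */
    if (geteuid() == 0 && uid != 0 && setgroups(0, NULL) != 0)
        _exit(126);
    if (setgid(gid) != 0 || setuid(uid) != 0)
        _exit(126);
    /* Confirm the drop is permanent before running anything. */
    if (uid != 0 && setuid(0) == 0)
        _exit(126);

    execv(path, argv);
    /* Reached only if exec failed (file missing, not executable, ...).
     * The flaw described in the post starts a shell here; exit instead. */
    perror("guest program");
    _exit(127);
}

/* Hypothetical helper: returns the child's exit status, or -1 on error. */
int run_guest(const char *path, uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        exec_as_guest(path, uid, gid);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed path that does not exist: expect 127, never a shell. */
    return run_guest("/nonexistent/guest-menu", getuid(), getgid()) == 127 ? 0 : 1;
}
```

With this structure, deleting or chmod-ing the guest program only ends the guest session with an error.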