Date: Thu, 25 May 2000 23:50:35 -0700
From: "Katherine M. Moussouris" <k8e@TURBOLINUX.COM>
Subject: Re: kscd vulnerability
To: BUGTRAQ@SECURITYFOCUS.COM

On Thu, 25 May 2000, Sebastian wrote:

> On Wed, 24 May 2000, Matt Wilson wrote:
>
> > Red Hat Linux does not ship kscd setuid.
> >
> > Matt
>
> I never said so.
> I said it comes _setgid_ disk. I never wrote about RedHat
> even. Exploit was tested under SuSE 6.4 only.

Sebastian's exploit does NOT work against TurboLinux versions 6.0.4 and
earlier. According to the comments in his perl script "7350kscd," an
affected system has kscd setgid disk. TurboLinux, by default, does NOT do
this.

-k8e

>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<
Katie Moussouris                Software Engineer
k8e@turbolinux.com              Security Tzarina
(650)228-5000                   TurboLinux, Inc.