BugTraq
Nokia IPSO Vulnerability Apr 23 2003 06:27PM
Jonas Eriksson (je sekure net) (1 replies)
RE: Nokia IPSO Vulnerability Apr 24 2003 04:32PM
Jorge Merlino (jmerlino easynet com uy) (2 replies)
Re: Nokia IPSO Vulnerability Apr 24 2003 06:34PM
Damieon Stark (visigoth securitycentric com) (1 replies)
Re: Nokia IPSO Vulnerability Apr 24 2003 10:23PM
Shawn Duffy (pakkit codepiranha org)
Re: Nokia IPSO Vulnerability Apr 24 2003 05:43PM
Valdis Kletnieks vt edu (1 replies)
On Thu, 24 Apr 2003 13:32:50 -0300, Jorge Merlino <jmerlino (at) easynet.com (dot) uy [email concealed]> said:
> I don't think that is a vulnerability.
> The file /etc/master.passwd has read access for all users. Monitor can also
> read it in a ssh session.

1) It being readable to all users *authorized to use the system* is different
from it being readable to any bozo on the entire Internet.

2) /etc/master.password is used as a *Proof of Concept*. Feel free to
substitute any other file that might be more damaging to have. Hmm.. it
might be nice to snarf a copy of /etc/inetd.conf, see what's enabled.. or
maybe I want to grab a copy of.....

[ reply ]
RE: Nokia IPSO Vulnerability Apr 24 2003 06:49PM
Jorge Merlino (jmerlino easynet com uy)


 

Privacy Statement
Copyright 2010, SecurityFocus