BugTraq
Back to list
|
Post reply
aterm 0.4.2 tty permission weakness
Jul 13 2004 04:04PM
Maarten Tielemans (TTIelu_DaInfraCrew hotmail com)
(4 replies)
Aterm has an issue with creating a terminal.
A quick ?ls ?al? on a aterm with ?mesg y? shows:
crw--w--w- 1 alsdk users 5, 3 Jul 13 17:27 /dev/ttyp3
with ?mesg n?:
crw-----w- 1 alsdk users 5, 3 Jul 13 17:28 /dev/ttyp3
1) World (nobody) is able to ?echo? or ?cat? towards the terminal
echo ?hello? >> /dev/ttyp3
cat mkdir >> /dev/ttyp3
2) The group seems to be incorrect, a normal terminal has default group tty
A xterm with ?mesg y? shows :
crw--w---- 1 ttielu tty 5, 5 Jul 13 17:27 ttyp5
and with ?mesg n? :
crw------- 1 ttielu tty 5, 5 Jul 13 17:27 ttyp5
Advice: use xterm
Bug found by TTIelu, reverse engineered by alsdk and TTIelu
[ reply ]
Re: [security] aterm 0.4.2 tty permission weakness
Jul 14 2004 10:26AM
lorenzo (lagrespan gmail com)
Re: aterm 0.4.2 tty permission weakness
Jul 14 2004 09:59AM
Sebastian Hans (hanss in tum de)
Re: aterm 0.4.2 tty permission weakness
Jul 14 2004 07:47AM
Armin Wolfermann (aw osn de)
Re: aterm 0.4.2 tty permission weakness
Jul 14 2004 04:10AM
Coleman Kane (cokane cokane org)
Privacy Statement
Copyright 2010, SecurityFocus
Aterm has an issue with creating a terminal.
A quick ?ls ?al? on a aterm with ?mesg y? shows:
crw--w--w- 1 alsdk users 5, 3 Jul 13 17:27 /dev/ttyp3
with ?mesg n?:
crw-----w- 1 alsdk users 5, 3 Jul 13 17:28 /dev/ttyp3
1) World (nobody) is able to ?echo? or ?cat? towards the terminal
echo ?hello? >> /dev/ttyp3
cat mkdir >> /dev/ttyp3
2) The group seems to be incorrect, a normal terminal has default group tty
A xterm with ?mesg y? shows :
crw--w---- 1 ttielu tty 5, 5 Jul 13 17:27 ttyp5
and with ?mesg n? :
crw------- 1 ttielu tty 5, 5 Jul 13 17:27 ttyp5
Advice: use xterm
Bug found by TTIelu, reverse engineered by alsdk and TTIelu
[ reply ]