|
|
lug-bg: Slackware World-Writable Valid Shell List Vulnerability
- Subject: lug-bg: Slackware World-Writable Valid Shell List Vulnerability
- From: mano@xxxxxxxxxxxxx (Marian Popov)
- Date: Sun, 24 Jun 2001 14:00:48 +0300 (EEST)
A vulnerability exists in Slackware Linux version 7.1.
During the default installation of Slackware Linux, the /etc/shells file
is
installed with world-writable permissions. As a result, it may be possible
for local users to modify this file and effectively cause a denial of
service to users attempting to use applications which rely on the data
contained in the file.
No exploit is required.
A workaround is to remove the world-writable permissions from
the /etc/shells file:
# chmod 644 /etc/shells
This issue has been resolved in the base.tgz package in the Slackware-
current tree as of August 24, 2000.
==-rw-r--r--=============================
== Pazardjik.com System Administrator ==
== GSM: +359 88 975753 ==
== e-mail: mano@xxxxxxxxxxxxx ==
=========================================
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
|
|
|