Solaris, AIX Login Hole

An anonymous submitter sent in: "A CERT Advisory describes a buffer overflow vulnerability in implementations of login derived from System V, which includes among Solaris 8 and earlier and AIX 4.3/5.1. "An exploit exists and may be circulating." Vendors are testing fixes." There's a Reuters story as well.

page widening post!

I, klerck, love to widen the page!

<a href=Hi,.I'm.the.page.widenere.man!.I'm.here.to.wi den.the.pages.of.slashdot.for.this.one.post.at.a.p ositive.score!.I.hope.you.all.enjoy.reading.my.pag e.widening.post.as.much.as.I.enjoyed.writing.it!.N ow.I.will.proceed.to.have.sex.with.a.horse.and.sho ve.the.goatse.cx.guy's.ass.right.up.my.own.ass!.Ch eers.folks!.For.years.now,.the.common.American.pen is.bird.has.been.a.staple.of.every.American's.dail y.diet..Whether.it.be.penis.bird.sandwiches,.fried .penis.bird,.or.perhaps.penis.bird.under.glass.for .the.rich,.we.all.have.penis.bird.at.least.once.a. day..Many.Americans.have.no.clue.how.the.penis.bir d.became.so.important.in.the.pyramid.of.a.balanced .diet,.so.in.this.article.I.will.attempt.to.explai n.its.history.and.why.it.is.so.useful..In.the.earl y.1870s,.Francis.Zefran.became.the.first.penis.bir d.breeder.in.North.America..He.started.his.famous. Penis.Bird.Ranch.in.Canton,.OH..At.the.time,.not.m uch.was.known.of.the.penis.bird's.nutritional.valu e,.but.the.Penis.Bird.Ranch.changed.all.of.that..N ot.only.did.Francis.Zefran.raise.penis.birds.to.se ll.their.colorful.plumes.a.VERY.lucrative.business ,.he.also.set.up.the.world's.first.research.lab.de dicated.solely.to.the.study.of.the.penis.bird.The. lab.found.many.interesting.things..First,.it.was.d iscovered.that.thepenis.bird.was.actually.semisent ient..Second,.the.scientists.found.that.the.meat.o f.the.penis.bird.was.high.in.protein,.vitamin.A,.v itamin.B,.and.calcium,.while.low.in.fat,.cholestor ol,.and.sodium..Never.before.had.such.a.nutritious .meal.been.had.without.supplement.or.fortification ..The.scientists.of.the.lab.recommended.immediatel y.that.the.penis.bird.become.a.part.of.every.Ameri can's.daily.diet..When.the.news.of.the.penis.bird' s.usefulness.reached.president.Rutherford.B..Hayes ,.he.was.absolutely.ecstatic..You.see,.President.H ayes.owed.a.number.of.favors.to.Francis.Zefran.bec ause.as.I.said.earlier,.the.penis.bird.plume.trade .was.an.extremely.lucrative.business.and.Mr..Zefra n.was.important.in.getting.RBH.elected.through.a.n umber.of.monetary.gifts..President.Hayes.immediate ly.asked.Congress.to.pass.what.we.all.know.today.a s.the.Hayes/Zefran.Penis.Bird.Consumption.Act..The .act.did.a.number.of.things.to.make.the.penis.bird .a.daily.meal,.most.important.of.which.was.the.req uirement.that.for.every.four.people.in.a.household ,.one.penis.bird.must.consumed.every.day..Another. thing.the.act.did.was.create.an.artificial.monopol y.for.Francis.Zefran's.Penis.Bird.Industries..The. act.stated.that.the.only.supplier.of.penis.bird.me at.in.the.US.would.be.PBI..As.one.would.imagine,.t his.quickly.made.Francis.Zefran.into.the.richest.m an.in.the.world..He.was.soon.a.multibillionaire.qu adrillionaire.with.today's.inflation..Never.before .had.a.single.man.seen.such.wealth..Many.challenge s.were.made.to.the.Hayes/Zefran.Penis.Bird.Consump tion.Act,.and.several.even.made.it.the.Supreme.Cou rt..It.was.argued.that.the.act.was.unconstitutiona l.and.went.against.liberty.itself,.but.once.the.de tractors.tasted.delicious.penis.bird.meat.for.the. first.time,.they.immediately.dropped.their.cases.a nd.followed.the.law.to.the.letter..We.all.know.tod ay.that.penis.bird.is.the.most.delicious.meat.man. has.ever.known,.but.at.that.time,.the.only.meats.p eople.ate.were.pork.and.beef..In.the.early.1970s,. though,.challenges.to.the.act.began.again..Many.ar gued.that.the.monopoly.given.to.Penis.Bird.Industr ies.by.the.act.was.in.all.ways.unamerican..The.Sup reme.Court.finally.agreed,.and.in.1974,.Section.II .of.the.act.was.struck.down..This.in.effect.opened .the.market.to.competition.for.all..Today,.Penis.B ird.Industries.is.almost.no.more..Today.we.have.th e.market.leader.Penis.Bird.Meat.International.faci ng.against.Penissoft,.a.recent.startup..Where.will .the.future.lead.the.penis.bird.market?.Only.time. will.tell.us,.but.one.thing.is.certain:.penis.bird s.are.here.to.stay!></A>

What's with Wil Wheaton?

Wil Wheaton is a fucking poseur. I can't stand how you fucktards get all drippy and excited every time that his name is mentioned. Ever since that stupid fucking Slashdot interview, all of you twerps have been ready to suck his dick. Don't you understand? It's all a sham! Your little hearts fluttered when he chose the EFF as his sponser on The Weakest Link, but the kid runs fucking Windows 2000. I mean, come on! Rob Malda had to run an anti-Microsoft "news" website for two years before anyone would believe that he only used Windows "for games," and you fall for Wil Wheaton's schtick immediately, without question? That's proof that the only intelligent posters left on Slashdot are us trolls.

He was a bad actor, and now he's a wannabe geek. The fact that he was a minor celebrity five years ago is immaterial. Maybe the new Linux mascot should be Alf! We should have Tony Danza on the new GNOME committee!

Wil Wheaton is such a moron that someone guessed his Slashdot account password and started crapflooding with it within a week. It's a newbie UID, by the way: Wil hadn't even heard of Slashdot until the interview!

It's almost fitting, though: both Linux and Wil Wheaton are immature hacks unsuited for work in the Real World. Both are yesterday's news. Both are pointless. Hey, maybe Wil does have a place on Slashdot!

-- The_Messenger

Re:What's with Wil Wheaton?

You're jealous of Wil Wheaton? How pathetic...

Re:Oh gee, must Mod down anything not

remotely bashing MicroSoft and praising *nix.

moderators are the true cowards.

To check out problems with slashcode...

read at -1. yep. and man, ROCKING OUT HAPPENS DAILY.

props to my main man jesus, one of the deadest homiezz of all time.

Re:More info:

[HMC+CS+Major]

This actually is not a new vulnerability. From FreeBSD Security Advisory: FreeBSD-SA-01:63.openssh:

Topic: OpenSSH UseLogin directive permits privilege escalation

Category: core/ports
Module: openssh
Announced: 2001-12-02
Credits: Markus Friedl
Affects: FreeBSD 4.3-RELEASE, 4.4-RELEASE
FreeBSD 4.4-STABLE prior to the correction date
Ports collection prior to the correction date
Corrected: 2001-12-03 00:53:28 UTC (RELENG_4)
2001-12-03 00:54:18 UTC (RELENG_4_4)
2001-12-03 00:54:54 UTC (RELENG_4_3)
2001-12-02 06:52:40 UTC (openssh port)
FreeBSD only: NO

I. Background

OpenSSH is an implementation of the SSH1 and SSH2 secure shell
protocols for providing encrypted and authenticated network access,
which is available free for unrestricted use. Versions of OpenSSH are
included in the FreeBSD ports collection and the FreeBSD base system.

II. Problem Description

OpenSSH includes a feature by which a user can arrange for
environmental variables to be set depending upon the key used for
authentication. These environmental variables are specified in the
`authorized_keys' (SSHv1) or `authorized_keys2' (SSHv2) files in the
user's home directory on the server. This is normally safe, as this
environment is passed only to the user's shell, which is invoked with
user privileges.

However, when the OpenSSH server `sshd' is configured to use
the system's login program (via the directive `UseLogin yes' in
sshd_config), this environment is passed to login, which is invoked
with superuser privileges. Because certain environmental variables
such as LD_LIBRARY_PATH and LD_PRELOAD can be set using the previously
described feature, the user may arrange for login to execute arbitrary
code with superuser privileges.

All versions of FreeBSD 4.x prior to the correction date including
FreeBSD 4.3 and 4.4 are potentially vulnerable to this problem.
However, the OpenSSH server is configured to not use the system login
program (`UseLogin no') by default, and is therefore not vulnerable
unless the system administrator has changed this setting.

In addition, there are two versions of OpenSSH included in the
ports collection. One is ports/security/openssh, which is the
BSD-specific version of OpenSSH. Versions of this port prior to
openssh-3.0.2 exhibit the problem described above. The other is
ports/security/openssh-portable, which is not vulnerable, even if the
server is set to `UseLogin yes'.

III. Impact

Hostile but otherwise legitimate users that can successfully
authenticate using public key authentication may cause /usr/bin/login
to run arbitrary code as the superuser.

If you have not enabled the 'UseLogin' directive in the sshd
configuration file, you are not vulnerable to this problem.

How did you manage that?

Seriously it's really annoying

Well obviously...

[billmaly]

They should be taken to court, made fun of, boycotted! A security hole, my god, well I run Solaris, thank goodness I'm not affecte.....What's that?? It affects what? Oh....oh my....OH WAITER!!!! A plate of crow please! :)

Now I can use the AIX box I bought at auction!

[Spoing]

If this fails, anyone know if PPC Aix disks can be mounted on an x86 Linux box? Proper partition and fs support enabled, of course.

Background: The box came from a defunct internet delivery service. I wonder what corporate records I'll find? Definately customer records if the admins didn't wipe the database. It's a good thing I'm ethical. I wonder how many customer records from defunct Internet-focused IPOs are now in the hands of crooks?

Tux? Sux!

[sanrio_troll]

Whats the deal with Tux?

Linux advocates love Tux, the penguin commonly used as a mascot for Linux. Why this is, few people with taste are able to figure out. However, considering what usually passes for taste in the "geek" cliques, this is not suprising. The original drawings of Tux look like they were crafted by a lowland gorilla with spasmatic gas pain. In future renditions, the lowland gorilla must have gained access to Lightwave. Apparently about two seconds of thought was put into the choice of this important marketing tool, because it couldnt sell food to a famine victim.

Even the very choice of a penguin was severely misguided. What in the world does a penguin have to do with a unix-like operating system? Obviously, nothing. Might as well of used a crude drawing of an impacted colon. What we have here is a serious branding problem. Solution? Sanrio.

Sanrio has the ability to sell anything to anyone by simply sticking a picture of a mouthless cat upon it. Waffle makers, plush animals, vibrators, you name it. This is the direction that we want to move in. Product is less important than image. If Microsoft wants to fight with marketing rather than quality product, we can take that battle to them. With characters like Nyago, Robowan, and Landry, Dominance over Microsoft products could be assured in a matter of months. No one could stop the juggernaut of Sanrio-branded Linux cuteness.

You know this to be true, and this is advice you ignore at your own peril.

Re:When can we banish Telnet forever?

You seem to be very knowledgable in this, could you please provide some evidence. I'm sure with all of the different uses you could list 3 or 4 of them.

Unix has always had problems: X11 for example.

[SimHacker]

Ivan Raikov stated "I'd say there's a subtle, but important difference between insecure by design and insecure due to a programmer's mistake."

Some times, "design" is 100% equivalent to "a programmer's mistake".

That is obviously the case with X-Windows, the world's first fully modular software disaster. It was a mistake to even design it. A mistake carried out to perfection. The defecto standard. Flaky and built to stay that way. Complex nonsolutions to simple nonproblems. Form follows malfunction. Ignorance is our most important resource. It could be worse, but it'll take time. More than enough rope. Power tools for power fools. Putting new limits on productivity. The cutting edge of obsolescence. The art of incompetence. The defacto substandard. You'll envy the dead. Even your dog won't like it.

-Don