Linux Security Risk: Writable /etc/passwd Exploitation
One small permission mistake in Linux can silently turn into a full system compromise. A classic example is a writable /etc/passwd file.
In Lin...
This was found after playing with [1].
The vulnerability is currently not exploitable (see description below).
In case you have a vmdk file like the following:
```
version=1
CID=b1a17f47
parentCID=ff...
ecryptfs-migrate-home is hard coded to look at "/etc/passwd" only for home directories. The function starts at line 81 and is called "get_user_home ()". It is possible to use in the function "getent...
In the /usr/share/doc/awstats/README.Debian.gz file:
if [ -x /usr/share/awstats/tools/update.sh ]; then
su -l -c /usr/share/awstats/tools/update.sh www-data
fi
However this "su" ...
Binary package hint: postfix
Ubuntu 9.10, via Update Manager.
SOLUTION:
Look for /etc/group.lock, /etc/passwd.lock and /etc/shadow.lock files and remove them.
Be careful to only remove the files e...
As a system administrator, if you try to create a new account, using the graphical utility (System->Administration->Users and Groups) and you set the user id manually to a value that is already in use...
Binary package hint: gnome-system-tools
I have noticed differences with the adduser command.
Are system-tools user and groups following policy and using debians useradd/adduser facility with its adm...
see https://wiki.ubuntu.com/MultiUserManagement
Let groupadd have the option to create /home/group/ sgid directories.
Sgid group directories are the means for users to easily collaborate on local fi...
On a model deployed with Juju 2.2.8, backed by the OpenStack provider.
The application in question is a web app, which runs as an unprivileged user, where interactive shell usage is not normally requ...
Updating image-location by update images API users can download any file for which glance-api has read permission.
And the file for which glance-api has write permission will be deleted when users del...
Binary package hint: gdm
I have kerneloops installed and with new gdm from karmic the kernoops user is listed as real user in the gdm greeter.
from /etc/passwd
kernoops:x:112:65534:Kernel Oops Track...
Passwords in the UNIX operating system are encrypted with the crypt algorithm and kept in the publicly-readable file /etc/passwd. This paper examines the vulnerability of UNIX to attacks on its passwo...
(1990) Feldmeier, Karn. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Passwords in the UNIX operating system are...
From LFI to RCE: The Hacker’s Playbook for Turning File Reads Into Full Server Control + Video
Introduction: Local File Inclusion (LFI) is often mistakenly seen as a low-severity vulnerability, merel...
Passwords in the UNIX operating system are encrypted with the crypt algorithm and kept in the publicly-readable file /etc/passwd. This paper examines the vulnerability of UNIX to attacks on its passwo...
Binary package hint: gdm
I have kerneloops installed and with new gdm from karmic the kernoops user is listed as real user in the gdm greeter.
from /etc/passwd
kernoops:x:112:65534:Kernel Oops Track...
As per documentation:
- late-commands
-- Shell commands to run after the install has completed successfully and any updates and packages installed, just before the system reboots.
Doesn’t seem to b...
