On Wed, 14 Feb 2001, Robert Varga wrote:
> On Mon, Feb 12, 2001 at 03:46:20PM -0800, Blake R. Swopes wrote:
> > Considering what overflows the buffer (your username), it would seem that
> > you'd need root access to begin with in order to craft an exploit. Am I
> > wrong?
>
> Well this could be used to gain root privileges on free shell-account
> servers, which don't do the proper bounds checking and the registration
> process is fully automated...
Many large sites allow front-line staff to add users/reset
passwords/create temp accounts via suid apps (often written in-house). If
this overflow is exploitable then it's possible that it would let
such staff gain root where they didn't have it before.
Arthur
--
Arthur Clune
"You have none. Get over it". Scott McNealy on on-line privacy
PGP Public Key - http://www.clune.org/pubkey.txt
