Izik wrote: > > Hello > > i've found buffer overflow in uucp. in BSDi platform ... > since uucp is by nature suid. and the ownership is by uucp > i don't see the real profit. Don't know about BSDi, but on Solaris uucp owns tip, uuencode, uudecode, and others. So if I can use this vuln to su uucp, I can trojan e.g. tip. Then the next time root runs what he thinks is tip, I've got the box. Bob -- Robert Howard University of Michigan Lead System Administrator IT Central Services Strategic Projects Operations
