Sick`
2003-Sep-17 13:56 UTC
FW: opiekey segfault ... isn't that harmfull? it's setuid root
Hi, I dunno much about exploiting, but I was wondering about the setuid root program 'opiepasswd' to use one-time-passwords. When having a seed of (null) and a sequence of -1, I get a segfault. Kernel/base: FreeBSD lama.inet-solutions.be 4.8-RELEASE-p4 FreeBSD 4.8-RELEASE-p4 #0: Sun Aug 31 21:00:38 CEST 2003 root@lama.inet-solutions.be:/usr/obj/usr/src/sys/LAMA i386 Make.conf: CPUTYPE=i686 CFLAGS= -O -pipe CXXFLAGS+= -fmemoize-lookups -fsave-memoized COPTFLAGS= -O -pipe ENABLE_SUIDPERL= true PERL_VER=5.6.1 PERL_VERSION=5.6.1 PERL_ARCH=mach NOPERL=yo NO_PERL=yo NO_PERL_WRAPPER=yo This is my terminal output: jimmy@lama (192.168.0.50) 13:47 ~ $ opiepasswd -c -n 1 -s ad2003 Adding jimmy: Only use this method from the console; NEVER from remote. If you are using telnet, xterm, or a dial-in, type ^C now or exit with no password. Then run opiepasswd without the -c parameter. Using MD5 to compute responses. Enter new secret pass phrase: TESTtestTEST Again new secret pass phrase: TESTtestTEST ID jimmy OTP key is 1 ad2003 HUT SWAY DANE TOLL DAM JUDO jimmy@lama (192.168.0.50) 13:47 ~ $ opiekey -n 2 1 ad2003 Using the MD5 algorithm to compute response. Reminder: Don't use opiekey from telnet or dial-in sessions. Enter secret pass phrase: TESTtestTEST 0: FLEW SLAY STAN BUNK RAT BACH 1: HUT SWAY DANE TOLL DAM JUDO jimmy@lama (192.168.0.50) 13:48 ~ $ ssh 192.168.0.50 otp-md5 0 ad2003 ext Password: FLEW SLAY STAN BUNK RAT BACH jimmy@lama (192.168.0.50) 13:49 ~ $ exit Connection to 192.168.0.50 closed. jimmy@lama (192.168.0.50) 13:51 ~ $ opieinfo -1 (null) jimmy@lama (192.168.0.50) 13:51 ~ $ opiepasswd Updating jimmy: Segmentation fault jimmy@lama (192.168.0.50) 13:51 ~ $ Jimmy Scott