QNX 4.25 suided dhcp.client binary

To: bugtraq@xxxxxxxxxxxxxxxxx, Vuln@xxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: QNX 4.25 suided dhcp.client binary
From: lms@xxxxxxxx
Date: Sat, 03 Dec 2005 17:33:39 +0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Internet Messaging Program (IMP) H3 (4.0.3)

Hello all,

I recently got a QNX 4.25 vmware image and i found that the dhcp.client shipped
with it is suided.

This obviously enables a normal user to control the NIC's configuration and
produce some other attacks (eg: if the system has some services which depend on
'host/ip based' authentication [NFS,NIS,rlogin, etc]).

Some vmware screenshots are available at:
http://lms.ispgaya.pt/goodies/qnx/

I havent got access to other QNX installations so, allthough the person who gave
me the image said the binary wasnt changed, can anybody else confirm this?

Best regards,
+---------------------------------
| Luís Miguel Ferreira da Silva
| Unidade de Qualidade e Segurança
| Centro de Informática
| Professor Correia Araújo
| Faculdade de Engenharia da
| Universidade do Porto

Attachment: binL4u6BNfuQo.bin
Description: PGP Public Key

Prev by Date: [Updated] [FLSA-2005:166943] Updated php packages fix security issues
Next by Date: DMA[2005-1202a] - 'sobexsrv - Scripting/Secure OBEX Server format string vulnerability'
Previous by thread: [Updated] [FLSA-2005:166943] Updated php packages fix security issues
Next by thread: DMA[2005-1202a] - 'sobexsrv - Scripting/Secure OBEX Server format string vulnerability'
Index(es):
- Date
- Thread