[DGD] security fix for kotaka

Shentino shentino at gmail.com
Tue Jun 19 09:33:06 CEST 2012


Ok, disclosure time.

The bug involves a collision in Game's userd.  Normally it's supposed
to ensure a user only logs in once by forbidding the same name to
refer to two different user objects.

However, the login/register ustates that handle authentication and
account management set the user's account name before going to userd,
which would of course promptly barf an error out.

Net result is a user object that is labeled with the username of
someone else who already is logged in, and to boot this bug made it so
that you didn't even have to put in a password.

Keep on DGDing, and feel free to talk about harebrained bugs of your
own if you so desire.

On Sat, Jun 16, 2012 at 5:04 PM, Shentino <shentino at gmail.com> wrote:
> Just found a doozy of a bug that could be exploited.
>
> I'll post the exploit in 48 hours but for now patching is advised.


