Bugtraq mailing list archives
Re: Exploit for Linux wu.ftpd hole
From: lak () home crimelab com (Larry Kruper)
Date: Wed, 5 Jul 1995 19:40:51 -0700
On Wed, 5 Jul 1995, Henri Karrenbeld wrote:Date: Wed, 5 Jul 1995 18:44:17 +0100 From: Henri Karrenbeld <H.Karrenbeld () ct utwente nl> To: Multiple recipients of list BUGTRAQ <BUGTRAQ () CRIMELAB COM> Subject: Exploit for Linux wu.ftpd holeminicom has a known, but not very well-known hole in it that is nearly identical to the wu-ftp hole. If you are a legitimate user of a pre 1.71 version of minicom, you can get root, its the same sort of thing, seteuid(0), and then make a suid root shell somewhere - you do it by changing the name of 'runscript' to your shell... It wouldnt really be much of a problem, except that linux to this day (i believe) continues to have the users gonzo, satan, and snake in minicom.users (or the slackware release does, at the very least). ---
So, how is this bug exploited if gonzo, satan or snake are not in /etc/passwd ? With the minicom F - username (i.e. satan) I do not get an error for not being in the minicom.users file, but J does not jump to a shell. How is this done ? I am doing this on my own system, not someone elses. lak
Current thread:
- Exploit for Linux wu.ftpd hole Henri Karrenbeld (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Karl Strickland (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Larry Kruper (Jul 05)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 08)
- Re: Exploit for Linux wu.ftpd hole Timothy Newsham (Jul 05)
- Linux FIOSETOWN ioctl hole Marek Michalkiewicz (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Darren Reed (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Marc W. Mengel (Jul 06)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 08)
- web site Aleph One (Jul 07)
- Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Dr. Frederick B. Cohen (Jul 09)
- Re: Jul 9 08:06:03 all inetd[122]: httpd/tcp server failing Darren Reed (Jul 09)
- updated-secure-w#-daemons Dr. Frederick B. Cohen (Jul 09)
- Re: Exploit for Linux wu.ftpd hole Mike Edulla (Jul 05)