Bugtraq mailing list archives
Re: xnews and XDM
From: sonecha () eecs umich edu (Vatsal P. Sonecha)
Date: Wed, 20 Jul 1994 22:28:14 -0400 (EDT)
AIX has a similar hole. The DPS server can be entered by /usr/lpp/DPS/bin/dpsexec. Since X runs as root, you can then open and write to any root owned file. I haven't bothered to write an exploit script, but I did try running /etc/security/passwd, and I got a root: UndefinedCommand error. Someone opened a bug against this inside IBM--I forget who, but to my knowledge, know action has been taken. --Sam
What version of AIX would this be? And, I would be very appreciative to find out where I can get an exploit script. Thanks, Vatsal. | __o Vatsal P. Sonecha | Advanced Integrated Solutions, Inc. | | _ \<,_ Monal V. Sonecha | 3745 Greenbrier Blvd, Unit# 227-C | | (_)/ (_) Ph: 313.994.5748 | Ann Arbor, MI 48105-2682 | |~~~~~~~~~~ FAX: 313.994.5758 | United States of America |
Current thread:
- xnews and XDM Sam Hartman (Jul 20)
- Re: xnews and XDM Vatsal P. Sonecha (Jul 20)
- xnews and XDM Sam Hartman (Jul 21)
- /etc/subnetconfig Aleph One (Jul 20)
- xnews and XDM Sam Hartman (Jul 21)
- Possible Ultrix issue A. Rich (Jul 21)
- Re: xnews and XDM Vatsal P. Sonecha (Jul 20)