Bugtraq mailing list archives

Re: Exploit for Linux wu.ftpd hole


From: lak () home crimelab com (Larry Kruper)
Date: Wed, 5 Jul 1995 19:40:51 -0700


On Wed, 5 Jul 1995, Henri Karrenbeld wrote:

Date: Wed, 5 Jul 1995 18:44:17 +0100
From: Henri Karrenbeld <H.Karrenbeld () ct utwente nl>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ () CRIMELAB COM>
Subject: Exploit for Linux wu.ftpd hole

minicom has a known, but not very well-known hole in it that is nearly
identical to the wu-ftp hole. If you are a legitimate user of a pre-1.71
version of minicom, you can get root, it's the same sort of thing,
seteuid(0), and then make a suid root shell somewhere - you do it by
changing the name of 'runscript' to your shell...

It wouldn't really be much of a problem, except that Linux to this day (I
believe) continues to have the users gonzo, satan, and snake in
minicom.users (or the slackware release does, at the very least).
---

So, how is this bug exploited if gonzo, satan or snake are not in /etc/passwd?
With the minicom F - username (i.e. satan) I do not get an error for not
being in the minicom.users file, but J does not jump to a shell. How is this
done?

I am doing this on my own system, not someone else's.

lak
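
An audit sketch for the condition discussed in this thread, added here as an example and not part of either poster's message: it lists minicom.users entries that are distribution-supplied names (gonzo, satan, snake) or that have no matching account in the passwd file. The file format (user name as the first whitespace-separated field, `#` comments) and the function name are assumptions; pass the real file locations for your system as arguments.

```shell
#!/bin/sh
# Added example: audit a minicom.users access file against a passwd file.
# Assumed format (not stated in the thread): one entry per line, user name
# in the first whitespace-separated field, '#' starting a comment line.

# Names the quoted message says are shipped in minicom.users.
SHIPPED_DEFAULTS="gonzo satan snake"

# audit_minicom_users USERS_FILE PASSWD_FILE   (hypothetical helper name)
# Prints one finding per line, in file order:
#   SHIPPED-DEFAULT <name>   entry is one of the distribution-supplied names
#   NO-ACCOUNT <name>        entry has no account in PASSWD_FILE
# Returns 2 if either file cannot be read.
audit_minicom_users() {
    users_file=$1
    passwd_file=$2
    [ -r "$users_file" ]  || { echo "cannot read $users_file" >&2; return 2; }
    [ -r "$passwd_file" ] || { echo "cannot read $passwd_file" >&2; return 2; }

    awk -v defaults="$SHIPPED_DEFAULTS" -v passwd="$passwd_file" '
        BEGIN {
            n = split(defaults, d, " ")
            for (i = 1; i <= n; i++) shipped[d[i]] = 1
            # Load every account name (first ":"-separated passwd field).
            while ((getline line < passwd) > 0) {
                split(line, f, ":")
                account[f[1]] = 1
            }
            close(passwd)
        }
        # Skip blank lines and comment lines in the access file.
        NF == 0 || $1 ~ /^#/ { next }
        {
            name = $1
            if (name in shipped)    print "SHIPPED-DEFAULT " name
            if (!(name in account)) print "NO-ACCOUNT " name
        }
    ' "$users_file"
}

# Stand-alone use: sh audit.sh /path/to/minicom.users /etc/passwd
if [ "$#" -eq 2 ]; then
    audit_minicom_users "$1" "$2"
fi
```

Any line of output is an entry worth removing from the access file unless a real user needs it.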


