Bugtraq mailing list archives
Solaris 2.5 x86 aspppd (semi-exploitable-hole)
From: shadows () whitefang com (Thamer Al-Herbish)
Date: Fri, 20 Dec 1996 20:53:56 +0200
Although initially when I first saw this hole I thought "no one is really vulnerable", after seeing how badly aspppd handled my modem line getting dropped (Solaris doesn't down the interface, so you have to either restart aspppd, or do it manually), I figured some people running scripts that restart aspppd might be.

It's relatively simple: in /tmp/ lies .asppp.fifo, which is world r/w. If aspppd isn't running, you simply ln -s /.rhosts /tmp/.asppp.fifo; when root executes aspppd, /.rhosts is opened r/w as a fifo, and the second aspppd dies /.rhosts becomes a normal file, world r/w.

aspppd isn't setuid, so it must be run by root and later killed for any of this to work. Not likely, but if you're like me and have a small script to keep up your link (not anymore), you're probably vulnerable.

------------------------------------------------------------------------------
Thamer Al-Herbish (ShadowS)
shadows () whitefang com
shadows () kuwait net
-=whitefang dawt kawm=-

The views expressed here, have no relevance to those of my employer. And may not have any relevance to subject at hand.
-------------------------------------------------------------------------------
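The link-restart script scenario from the message above, seen from the defender's side: an added example, not part of the original post and not Sun's code, of a guard that refuses to launch the daemon when its FIFO path in /tmp is a symbolic link, a non-FIFO, or not owned by the invoking user. The function names check_fifo_path and guarded_start are hypothetical, and the daemon command is passed in by the caller rather than assumed.

```shell
#!/bin/sh
# Added example: pre-start check for a keep-the-link-up script run by root.
# Function names are illustrative; nothing here comes from aspppd itself.

# check_fifo_path PATH
#   0  PATH is absent, or is a real FIFO owned by the invoking user
#   1  PATH is a symbolic link (a dangling link counts too)
#   2  PATH exists but is not a FIFO
#   3  PATH is a FIFO owned by another user
check_fifo_path() {
    p=$1
    # -L must come first: -e follows links and is false for a dangling one.
    if [ -L "$p" ]; then return 1; fi
    if [ ! -e "$p" ]; then return 0; fi
    if [ ! -p "$p" ]; then return 2; fi
    if [ ! -O "$p" ]; then return 3; fi
    return 0
}

# guarded_start PATH COMMAND [ARGS...]
# Runs COMMAND only when PATH passes check_fifo_path; otherwise logs the
# reason code to stderr and returns it without starting anything.
guarded_start() {
    p=$1
    shift
    rc=0
    check_fifo_path "$p" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "refusing to start: $p failed check (code $rc)" >&2
        return "$rc"
    fi
    "$@"
}

# In a restart script (daemon path supplied by the administrator):
#   guarded_start /tmp/.asppp.fifo <path-to-aspppd> || exit 1
```

A check followed by a start still leaves a window in a world-writable directory, so this narrows the exposure for a restart script rather than removing it; the complete fix is for the daemon to stop following links on that path.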