Bugtraq mailing list archives

dg/ux vulnerbility

From: brian () saturn net (Brian Mitchell)
Date: Tue, 23 Jul 1996 19:03:07 -0400


There seems to be a vulnerbility in dg/ux (tested in 5.4r3.10) - it
includes ospf_monitor (from the gated package). Unfortunately, it is a
older version and has a security hole.

It is a suid program, and has a command to write to a file, so something
like this:

umask 0
ospf_monitor
F /tmp/foo
x

This should create a 0 byte world writable file called /tmp/foo, assuming
/tmp/foo does not exist. If it exists, it will be truncated, permissions
obviously will not be modified.


Brian Mitchell                                          brian () saturn net
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman

Current thread:

Re: HP/UX 10.01 Remote Administration accoun Jeff Uphoff (Jul 18)
- Re: HP/UX 10.01 Remote Administration accoun Mark Sedlock (Jul 18)
  - FreeBSD recent exploits. Andy Dills (Jul 18)
    - tcp Bj|rge Eikenes (Jul 23)
    - Re: tcp Brian Mitchell (Jul 23)
    - dg/ux vulnerbility Brian Mitchell (Jul 23)
    - vulnerability in vi under AIX 3.2 Marina Buitrago Bravo (Jul 23)
    - Re: vulnerability in vi under AIX 3.2 Bill Pemberton (Jul 23)
    - Re: vulnerability in vi under AIX 3.2 (IN LINUX) Nelson N. Escravana (Jul 24)
    - Re: FreeBSD recent exploits. Cy Schubert - ITSD Open Systems Group (Jul 23)