Bugtraq mailing list archives
Re: vulnerability in vi under AIX 3.2 (IN LINUX)
From: l39915 () alfa ist utl pt (Nelson N. Escravana)
Date: Wed, 24 Jul 1996 19:12:14 +0100
-----BEGIN PGP SIGNED MESSAGE----- Marina Buitrago Bravo wrote:
Hello all. I have found out that under AIX 3.2 the vi editor interprets the file ./.exrc, even if you are root and this file is not owned by you. This vulnerability seems rather obvious to me, do you know if a patch exists for this? SunOS 4.1.3 has a similar feature, but the file is interpreted only if root owns the file ./.exrc.
I Have tested it on Slakcware 3.0 and it also executes .exrc even if you are root, and the file doesnt belongs to you. Nelson - -- Nelson N. Escravana <l39915 () alfa ist utl pt> Key fingerprint = E9 52 5A CB 9A B2 FD CE 10 6F 6C 00 AF 87 DF 07 -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBMfZngn2frOMsxm25AQGswAf9FbCRkDRgKCBpje+eXvmlNsDhULJYG3fR tZPTFWne2Dd+KtZ7ZQTt0/yGSr9aDBJSKk3P21NaHXw30H5zaa38WH6k8K7IISKD mPrHgXFmHZvy5p7lqSSjHTyCuIHNBBWvQ5JAlcfXLdFT9fMOEBJIdXzytkBzmLdn +OtVkCQ+WjbnOrgzLjRyJ3LOnLc8C2zfQCJ8sOZ1PzD6a76K1R3jybGDA1W/lANe N0oEudergMHxZOixcDrqK0lv1X25+kbRdOU9lpe94q2M99r3rhrBoHixYwgcugep 0wZOMDWlRB5qVfHhRL5NlUwMNk/DqaESocpzQtRWpwHKp50GdkwgQw== =hfy/ -----END PGP SIGNATURE-----
Current thread:
- Re: HP/UX 10.01 Remote Administration accoun Jeff Uphoff (Jul 18)
- Re: HP/UX 10.01 Remote Administration accoun Mark Sedlock (Jul 18)
- FreeBSD recent exploits. Andy Dills (Jul 18)
- tcp Bj|rge Eikenes (Jul 23)
- Re: tcp Brian Mitchell (Jul 23)
- dg/ux vulnerbility Brian Mitchell (Jul 23)
- vulnerability in vi under AIX 3.2 Marina Buitrago Bravo (Jul 23)
- Re: vulnerability in vi under AIX 3.2 Bill Pemberton (Jul 23)
- Re: vulnerability in vi under AIX 3.2 (IN LINUX) Nelson N. Escravana (Jul 24)
- FreeBSD recent exploits. Andy Dills (Jul 18)
- Re: FreeBSD recent exploits. Cy Schubert - ITSD Open Systems Group (Jul 23)
- Re: HP/UX 10.01 Remote Administration accoun Mark Sedlock (Jul 18)