Bugtraq mailing list archives
Re: SunOS exploit.
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Tue, 20 May 1997 09:43:11 +0200
This worked on SunOS 5.5.1 Generic_103640-05 sun4m sparc. Please mind you that this only works on versions of programs that use getenv("USER"); to obtain the username, i'm also aware anyone who uses elm on ANY system, linux, bsd, SunOS included can read any users mail :P. getenv("USER") on programs that are reliant on the USERNAME isn't safe especially when there +s'ed.
SunOS 5.x/Soalris 2.x doesn't come with chfn/chsh. So if you have binaries that produce this bug under SunOS 5.5.1, you have installed them yourself. BTW, for proper operation chfn/chsh like programs need to be set-uid. Casper
Current thread:
- Re: SunOS exploit. Jeff Uphoff (May 19)
- Re: SunOS exploit. Trevor Linton (May 18)
- /dev/tcx0 crashes SunOS 4.1.4 on Sparc 20's Dixon Ly (May 19)
- Re: /dev/tcx0 crashes SunOS 4.1.4 on Sparc 20's Fabrice Planchon (May 20)
- Fun with devices [was: Re: /dev/tcx0 crashes SunOS 4.1.4 on Sparc Walter Hafner (May 21)
- write(1) test (May 21)
- Re: write(1) Jauder Ho (May 22)
- Re: Fun with devices [was: Re: /dev/tcx0 crashes SunOS 4.1.4 on Mike Scher (May 21)
- Re: Fun with devices [was: Re: /dev/tcx0 crashes SunOS 4.1.4 on Doug Hughes (May 22)
- /dev/tcx0 crashes SunOS 4.1.4 on Sparc 20's Dixon Ly (May 19)
- Re: SunOS exploit. Trevor Linton (May 18)
- Re: SunOS exploit. & DigitalUnix Joe Zbiciak (May 20)