Vulnerability Development mailing list archives
Re: /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)
From: funkysh () KRIS TOP PL (Janusz Niewiadomski)
Date: Mon, 5 Jun 2000 10:24:21 +0200
On Sun, Jun 04, 2000 at 10:59:13AM -0700, Daniel Jacobowitz wrote:
> Well, it does generate a shell on Debian/woody, but Mail has already dropped
> privileges:
>
> drow@quaketop:~% ./mail
> type '.' and enter:
> .
> Cc: too long to edit
> sh-2.04$ id
> uid=1000(drow) gid=1000(drow) groups=1000(drow)
Err.. the only difference is

on Slackware:

funkysh@slk:~$ grep mail /etc/group
mail::12:mail

on Debian:

funkysh@deb:~$ grep mail /etc/group
mail::8:mail

Mail on Debian doesn't drop privileges, exploit code included.

funkysh@deb:~$ gcc -o mailx mailx.c ; ./mailx -7000
Hit '.' to get shell..
.
Cc: too long to edit
sh-2.03$ id
uid=1014(funkysh) gid=8(mail) groups=100(users)

regards.
--
funkySh [ mailto: funkysh () poz supermedia pl funkysh () kris top pl ]
Where is the clock that shows,.. what you think and what you feel,.. who knows?
PGP fingerprint 16 A6 A1 D8 AA 8F 85 3C 61 A3 14 49 E8 78 ED A1

text/x-csrc attachment: mailx.c
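The two `id` outputs in this thread differ only in whether the process still holds the `mail` group when the shell appears. As an added example (not part of the original post, the attached mailx.c, or the mailx sources), here is one way a set-group-ID program can give up its inherited group permanently before it handles user input and verify that the drop cannot be undone. The function names `holds_extra_gid` and `drop_setgid` are hypothetical.

```c
/* Added example: permanently give up an inherited set-group-ID (such as
 * "mail") before parsing user-controlled input. Names are hypothetical. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 while the effective gid differs from the caller's real gid. */
int holds_extra_gid(void)
{
    return getegid() != getgid();
}

/* Drops the effective and saved gid to the caller's real gid.
 * Returns 0 on success, -1 if the drop failed or could be reversed. */
int drop_setgid(void)
{
    gid_t real = getgid();
    gid_t old_effective = getegid();

    /* Setting the real gid also resets the saved set-group-ID on Linux. */
    if (setregid(real, real) != 0)
        return -1;
    if (getgid() != real || getegid() != real)
        return -1;
    /* An unprivileged process must not be able to regain the old group. */
    if (old_effective != real && geteuid() != 0 &&
        setegid(old_effective) == 0)
        return -1;
    return 0;
}

int main(void)
{
    printf("before: gid=%d egid=%d\n", (int)getgid(), (int)getegid());
    if (drop_setgid() != 0) {
        fprintf(stderr, "could not drop group privileges, aborting\n");
        return 1;
    }
    printf("after:  gid=%d egid=%d\n", (int)getgid(), (int)getegid());
    return 0;
}
```

A binary that needs its extra group only to open a spool file can make this call right after the open, so that any later fault in input handling runs with the caller's own gid.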
Current thread:
- /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c) Paulo Ribeiro (Jun 02)
- Re: /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c) Daniel Jacobowitz (Jun 04)
- Re: /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c) Paulo Ribeiro (Jun 04)
- Re: /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c) Daniel Jacobowitz (Jun 04)
- Mailx fix Daniel Jacobowitz (Jun 04)
- Re: /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c) Janusz Niewiadomski (Jun 05)
- Re: /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c) Daniel Jacobowitz (Jun 04)