Vulnerability Development mailing list archives
expect to get hacked
From: <zen-parse () gmx net>
Date: Tue, 12 Jun 2001 00:04:33 +1200 (NZST)
====================== expect to get hacked ====================== After looking at a recent discussion on vuln-dev, I decided that this might as well be released again. Makes the process of exploiting expect a little # rpm -qf `which expect` expect-5.31-46 # Under Redhat 7.0 expect uses the wrong path for search for its libs, one of the paths including a /var/tmp/ component. This means any user can specify code to be executed by anyone else on the system who makes use of the expect binary. Seems like one of the worst posible wrong paths you could have. There is a fix for this. Somewhere. http://www.securityfocus.com/archive/1/176257 --zen-parse
Current thread:
- expect to get hacked zen-parse (Jun 11)
- Re: expect to get hacked Olaf Kirch (Jun 11)