IRIX /usr/lib/print/netprint local root symbols exploit.

From: v9at_private
Date: Wed Apr 25 2001 - 22:51:10 PDT

Next message: Markus Friedl: "Re: OpenSSL-0.9.6a has security fixes"

Previous message: Nicolas Gregoire: "Re: Double clicking on innocent looking files may be dangerous"
Next in thread: Dale Southard: "Re: IRIX /usr/lib/print/netprint local root symbols exploit."
Reply: Dale Southard: "Re: IRIX /usr/lib/print/netprint local root symbols exploit."
Reply: Atro Tossavainen: "Re: IRIX /usr/lib/print/netprint local root symbols exploit."
Reply: v9at_private: "Re: IRIX /usr/lib/print/netprint local root symbols exploit."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

i haven't audited anything in some time.  well, i
just noticed this because i am doing a project
with a name similar to "netprint" and i was
wondering if it was at all related to what i was
doing.  it wasn't.  but, i noticed it was setuid
root and had a little bug.

this bug takes advantage of the -n option witch
has a bug that allows for arbitrary commands to be
executed.

exploit source code:
http://realhalo.org/xnetprint.c

Vade79 -> v9at_private -> realhalo.org.

Next message: Markus Friedl: "Re: OpenSSL-0.9.6a has security fixes"
Previous message: Nicolas Gregoire: "Re: Double clicking on innocent looking files may be dangerous"
Next in thread: Dale Southard: "Re: IRIX /usr/lib/print/netprint local root symbols exploit."
Reply: Dale Southard: "Re: IRIX /usr/lib/print/netprint local root symbols exploit."
Reply: Atro Tossavainen: "Re: IRIX /usr/lib/print/netprint local root symbols exploit."
Reply: v9at_private: "Re: IRIX /usr/lib/print/netprint local root symbols exploit."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 09:45:43 PDT