expect to get hacked

From: zen-parseat_private
Date: Mon Jun 11 2001 - 05:04:33 PDT

Next message: Doug Aide: "Re: Crack Office XP"

Previous message: Thierry: "Re: Crack Office XP"
Next in thread: Olaf Kirch: "Re: expect to get hacked"
Reply: Olaf Kirch: "Re: expect to get hacked"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

======================
 expect to get hacked
======================

After looking at a recent discussion on vuln-dev, I decided that
this might as well be released again. Makes the process of exploiting
expect a little

# rpm -qf `which expect`
expect-5.31-46
#

Under Redhat 7.0 expect uses the wrong path for search for its libs,
one of the paths including a /var/tmp/ component.

This means any user can specify code to be executed by anyone else on the
system who makes use of the expect binary.

Seems like one of the worst posible wrong paths you could have.

There is a fix for this. Somewhere.

http://www.securityfocus.com/archive/1/176257

--zen-parse

Next message: Doug Aide: "Re: Crack Office XP"
Previous message: Thierry: "Re: Crack Office XP"
Next in thread: Olaf Kirch: "Re: expect to get hacked"
Reply: Olaf Kirch: "Re: expect to get hacked"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 11 2001 - 08:04:07 PDT