RE: spying (deleted) file entries in other users' directories

From: Maximiliano Pérez (mpat_private)
Date: Fri Jun 28 2002 - 09:46:39 PDT

    AIX 4.3.3, HPUX 11.00 and 10.20 work this way.
    
    Cheers.
    
    -----Original Message-----
    From: D.C. van Moolenbroek [mailto:xanaduat_private]
    Sent: Monday, June 24, 2002 6:47 AM
    To: FozZy
    CC: vuln-devat_private
    Subject: Re: spying (deleted) file entries in other users' directories
    
    
    Hi there,
    
    > I saw this for the first time 3 years ago on a SunOS system while doing
    > "cat /root" as a user. I don't know if current Sun systems are patched or
    > not.
    
    Solaris 8 is vulnerable at least, the scenario you attached works on Solaris
    8 exactly the same way... don't know about Solaris 9. On a side note, IRIX is
    not vulnerable.
    
    $ uname -svr
    SunOS 5.8 Generic_108528-14
    
    Note that on my system, reading doesn't work on /tmp ("input error: Invalid
    argument"); it seems to work on all other directories though. Generally I
    suppose it's a bad idea to put something sensitive in a filename, but what
    do the other bytes represent, that show up in the hexdump?
    
    -David
    
    --
    class sig{static void main(String[]s){for// D.C. van Moolenbroek
    (int _=0;19>_;System.out.print((char)(52^// (CS student, VU, NL)
    "Y`KbddaZ}`P#KJ#caBG".charAt(_++)-9)));}}// -Java sigs look bad-
    



    This archive was generated by hypermail 2b30 : Fri Jun 28 2002 - 12:14:52 PDT
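
A check for the behaviour discussed in this thread, as an added example that is not part of the original messages: it calls read(2) on each directory and reports whether the kernel returns raw directory bytes or refuses. The name `probe_dir_read` and the default paths are assumptions of this example; EINVAL is counted as a refusal because of the /tmp result quoted above, and the bytes read are never printed.

```c
/* Added example: does read(2) on a directory hand back raw bytes? */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum dir_read { DIR_READ_ERROR = -1, DIR_READ_REFUSED = 0, DIR_READ_EXPOSED = 1 };

/* Probe one path; *err receives the errno of the failing call, or 0. */
static enum dir_read probe_dir_read(const char *path, int *err)
{
    unsigned char buf[512];          /* contents are discarded, never shown */
    struct stat st;
    ssize_t n;
    int fd = open(path, O_RDONLY);

    *err = 0;
    if (fd < 0) { *err = errno; return DIR_READ_ERROR; }
    if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode)) {
        *err = ENOTDIR;              /* only directories are of interest */
        close(fd);
        return DIR_READ_ERROR;
    }
    n = read(fd, buf, sizeof buf);
    if (n < 0) *err = errno;         /* capture before close() can change it */
    close(fd);

    if (n > 0) return DIR_READ_EXPOSED;              /* raw entries returned */
    if (n == 0) return DIR_READ_REFUSED;             /* nothing was disclosed */
    if (*err == EISDIR || *err == EINVAL) return DIR_READ_REFUSED;
    return DIR_READ_ERROR;
}

int main(int argc, char **argv)
{
    const char *defaults[] = { "/", "/tmp", "/var" };   /* assumed sample paths */
    int count = argc > 1 ? argc - 1 : 3, exposed = 0, i, err;

    for (i = 0; i < count; i++) {
        const char *p = argc > 1 ? argv[i + 1] : defaults[i];
        enum dir_read r = probe_dir_read(p, &err);
        printf("%-20s %s%s%s\n", p,
               r == DIR_READ_EXPOSED ? "EXPOSED: read() returned directory bytes" :
               r == DIR_READ_REFUSED ? "refused" : "error: ",
               r == DIR_READ_ERROR ? strerror(err) : "",
               r == DIR_READ_REFUSED && err ? " (errno set by read)" : "");
        exposed += (r == DIR_READ_EXPOSED);
    }
    return exposed ? 1 : 0;          /* non-zero exit when any path is exposed */
}
```

Run it as an unprivileged user against directories owned by other accounts; a non-zero exit status means at least one directory returned raw bytes.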