Possible problem of AIX mount

Weizen (b811043@MATH.NTU.EDU.TW)
Tue, 22 Apr 1997 09:32:41 +0800

I have access to a group of AIX 4.systems, which have suid root mount.
If you try to mount an NFS file system, it will tell you "Only root or
member of system group can NFS mount/umount". In the AIX I can
access, nuucp is a member of system group (maybe by default), i.e. nuucp can
mount/umount an NFS containing a suid root shell and then become root!
Since nuucp's is not 0, in some cases it is easier to get nuucp access
than to get root access.
In the group of AIX computers I can use, if I cracked root on one of the NFS clients,
I can easily execute a program on the NFS server remotely with euid nuucp
to create a .forward for nuucp on the NFS server, and then do
an NFS mount, then become superuser of the NFS server.

It is not a big problem, but it is still not a good idea to allow too many
accounts to have the power to NFS mount.
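
An audit for the condition described in the message above, as an added example that is not part of the original post: it lists every non-root account that belongs to the system group, whether through the group's member list or as its primary group. The function name, the output format and the sample accounts are constructed for illustration; it assumes the group is named "system" and that both files use the standard colon-separated group and passwd layouts.

```shell
#!/bin/sh
# Added example (not from the original post): report non-root accounts in the
# "system" group, i.e. accounts other than root that pass the membership check
# quoted in the message.

# usage: system_group_members GROUP_FILE PASSWD_FILE
# prints: name:uid:primary|supplementary, sorted by name
system_group_members() {
    awk -F: -v grp="system" '
        # First file (group): remember the gid and the explicit member list.
        FNR == NR {
            if ($1 == grp) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "") listed[m[i]] = 1
            }
            next
        }
        # Second file (passwd): uid != 0 and member by list or by primary gid.
        $3 != 0 && (($1 in listed) || (gid != "" && $4 == gid)) {
            how = ($4 == gid) ? "primary" : "supplementary"
            print $1 ":" $3 ":" how
        }
    ' "$1" "$2" | sort
}

# Constructed sample data, not taken from a real host.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'system:!:0:root,nuucp' \
        'staff:!:1:alice' \
        'uucp:!:5:uucp,nuucp' > "$d/group"
    printf '%s\n' \
        'root:!:0:0::/:/bin/ksh' \
        'nuucp:*:6:5:uucp login user:/var/spool/uucppublic:/usr/sbin/uucp/uucico' \
        'oper:!:210:0::/home/oper:/bin/ksh' \
        'alice:!:201:1::/home/alice:/bin/ksh' > "$d/passwd"
    system_group_members "$d/group" "$d/passwd"
    rm -rf "$d"
}

demo
```

On a live host the same function can be pointed at /etc/group and /etc/passwd; every line it prints is an account whose compromise carries the NFS mount right discussed above.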