Re: potential root exploit with help from sam (HP-UX 10.x)

Trevor Schroeder (tschroed@CHEETAH.WSC.EDU)
Wed, 14 May 1997 10:43:35 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "cxterm buffer overrun"
Previous message: Nafees Bin Zafar: "Reminder for irix ppl"
Maybe in reply to: David Hyams: "potential root exploit with help from sam (HP-UX 10.x)"
Next in thread: David Hyams: "Re: potential root exploit with help from sam (HP-UX 10.x)"

On Wed, 14 May 1997, David Hyams wrote:

> So, if I make a symbolic link from /var/tmp/outdata to
> /.rhosts (say), and wait for the sys-admin to run sam to configure
> networking, I can get a /.rhosts file. Admittedly this isn't too
> interesting as the file doesn't have the famous "+ +" in it. However,
> if your sysadmin happens to have umask set to 0 then you've now got a

You've certainly got a case for a very potent DoS. Link to any file you want:
/bin/sh, /etc/passwd, /bin/login, etc. and *poof* there it goes.

____________________________________________________________
"One unerring mark of the love of truth is not entertaining
any propositions with greater assurance than the proofs it
is built upon will warrant" -- John Locke, 1690

Trevor Schroeder tschroed@cheetah.wsc.edu
------------------------------------------------------------

Next message: Aleph One: "cxterm buffer overrun"
Previous message: Nafees Bin Zafar: "Reminder for irix ppl"
Maybe in reply to: David Hyams: "potential root exploit with help from sam (HP-UX 10.x)"
Next in thread: David Hyams: "Re: potential root exploit with help from sam (HP-UX 10.x)"