Re: potential root exploit with help from sam (HP-UX 10.x)

David Hyams (nhyamd@ASCOM.CH)
Thu, 15 May 1997 08:51:21 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Sergiusz Fonrobert: "Re: cxterm buffer overrun"
Previous message: Scott McClung: "Re: Reminder for irix ppl"
Maybe in reply to: David Hyams: "potential root exploit with help from sam (HP-UX 10.x)"
Next in thread: Tim.Matthews@NESTLEGB.NESTLE.COM: "Re: potential root exploit with help from sam (HP-UX 10.x)"

Trevor Schroeder wrote:
>
> You've certainly got a case for a very potent DoS. Link to any file you want:
> /bin/sh, /etc/passwd, /bin/login, etc. and *poof* there it goes.
>

Not quite, sam only appends to the file, it doesn't truncate it.
I tried making a link to /etc/passwd and all I got was a couple of hundred
lines of junk appended to the existing /etc/passwd file.

David Hyams

Next message: Sergiusz Fonrobert: "Re: cxterm buffer overrun"
Previous message: Scott McClung: "Re: Reminder for irix ppl"
Maybe in reply to: David Hyams: "potential root exploit with help from sam (HP-UX 10.x)"
Next in thread: Tim.Matthews@NESTLEGB.NESTLE.COM: "Re: potential root exploit with help from sam (HP-UX 10.x)"