Re: SunOS exploit.

Christopher X. Candreva (chris@WESTNET.COM)
Mon, 19 May 1997 11:25:03 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Austin Schutz: "Re: SunOS exploit."
Previous message: Jeff Uphoff: "Re: SunOS exploit."
Maybe in reply to: Trevor Linton: "SunOS exploit."
Next in thread: Austin Schutz: "Re: SunOS exploit."

On Sun, 18 May 1997, Trevor Linton wrote:

> On sunos, if you execute a clean bash shell then type, export USER="root"
> then USER=$LOGNAME, then execute chsh root or chfn root you can change
> the root information.

I was unable to duplicate this on SunOS 4.1.3, using bash 2.00.0(1)
/usr/bin/passwd (which chsh and chfn are links to) however are not
original, so possibly some security patch fixed this already.

-Chris

==========================================================
Chris Candreva -- chris@westnet.com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/

Next message: Austin Schutz: "Re: SunOS exploit."
Previous message: Jeff Uphoff: "Re: SunOS exploit."
Maybe in reply to: Trevor Linton: "SunOS exploit."
Next in thread: Austin Schutz: "Re: SunOS exploit."