Re: SunOS exploit.

Trevor Linton (blind@SEDATED.NET)
Mon, 19 May 1997 04:14:21 +0000

This worked on SunOS 5.5.1 Generic_103640-05 sun4m sparc.

Please mind you that this only works on versions of programs
that use getenv("USER"); to obtain the username, i'm also aware
anyone who uses elm on ANY system, linux, bsd, SunOS included
can read any users mail :P. getenv("USER") on programs that are
reliant on the USERNAME isn't safe especially when there +s'ed.

blind - blind@root.hax0r.org support@hax0r.org
Swingin' Utters. a juvenile product of the working class.

"People who are having trouble communicating should just shuttup"

On Mon, 19 May 1997, Jeff Uphoff wrote:

> "TL" == Trevor Linton <blind@SEDATED.NET> writes:
>
> TL> On sunos, if you execute a clean bash shell then type, export USER="root"
> TL> then USER=$LOGNAME, then execute chsh root or chfn root you can change
> TL> the root information.
>
> TL> On the SunOS system i have [...]
>
> What version(s) of SunOS?
>
> I just tried this on an old 4.1.2 system I have and I could not
> duplicate it.
>
> --Up.
>
> --
> Jeff Uphoff - Scientific Programming Analyst | juphoff@nrao.edu
> National Radio Astronomy Observatory | juphoff@bofh.org.uk
> Charlottesville, VA, USA | jeff.uphoff@linux.org
> PGP key available at: http://www.cv.nrao.edu/~juphoff/
>