Bugtraq mailing list archives
Re: Beer & talk at Usenix Security Symposium
From: alx () CS bgu ac il (Alexander L. Haiut)
Date: Sat, 3 Jun 1995 03:10:43 +0200 (GMT+0200)
Obbug: I have noticed this on SunOS 4.1.3 running X11R5 and motif 1.2.3.
Anyone can get limited (possibly more) access to the system if:
- There is a ".xsession" file that is world readable in the root "/" directory (i.e. 644 as usual)
- Sync account is left with default passwd entry of "sync::5:1:/:/bin/csh" (i.e. which is the Sun install default)

If my memory serves me well, the SunOS 4.1.x default passwd entry for sync is: "sync::1:1::/:/bin/sync". Am I wrong?

Sure, this should be fixed because of things you show and the LD_LIBRARY_PATH bug. .xsession exploit is fine, but I've never seen .xsession file in root directory.. :)

Thanks!
--alex.

--
Alexander L. Haiut +971-7-461658
Math & CS System group alx () cs bgu ac il
Ben-Gurion University, Israel http://www.cs.bgu.ac.il/~alx/
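
Added example, not part of the original posts: a small audit for the two conditions discussed in the thread, an empty password field in a passwd entry and a world-readable `.xsession` in that account's home directory. The function names, the `NON_INTERACTIVE` shell set and the sample file are assumptions constructed for illustration; only the two `sync` lines come from the messages above.

```python
import os
import stat

# Shells treated as non-interactive; this set is an assumption for the example.
NON_INTERACTIVE = {"/bin/sync", "/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def audit_passwd(text):
    """Return (user, home, shell, risk) for every entry with an empty password field."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat entries ("+..." / "-...").
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) < 6 or fields[1] != "":
            continue  # too short to interpret, or a password/lock string is set
        # Take home and shell from the end so a 6-field entry (GECOS
        # missing, as in the first quoted line) is still read correctly.
        home, shell = fields[-2], fields[-1] or "/bin/sh"  # empty shell means /bin/sh
        risk = "restricted" if shell in NON_INTERACTIVE else "interactive"
        findings.append((fields[0], home, shell, risk))
    return findings

def world_readable_xsession(home):
    """True if <home>/.xsession exists and is readable by 'other'."""
    try:
        mode = os.stat(os.path.join(home, ".xsession")).st_mode
    except OSError:
        return False
    return bool(mode & stat.S_IROTH)

# Constructed sample: the two sync entries quoted in the thread plus filler lines.
SAMPLE = """\
root:Xq3.constructed:0:1:Operator:/:/bin/csh
sync::5:1:/:/bin/csh
sync::1:1::/:/bin/sync
daemon:*:1:1::/:
+::0:0:::
"""

if __name__ == "__main__":
    for user, home, shell, risk in audit_passwd(SAMPLE):
        note = " (.xsession in home is world readable)" if world_readable_xsession(home) else ""
        print(f"{user}: empty password, shell={shell}, {risk}{note}")
```

Any entry reported as `interactive` should get a locked password field or a non-interactive shell; the `.xsession` check only matters for accounts that remain in the findings.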