Bugtraq mailing list archives

Re: IRIX 5.3 chost


From: nickless () MCS ANL GOV (Bill Nickless)
Date: Tue, 13 Aug 1996 18:31:17 -0500


Well folks, looks like even with the latest patches installed I can still
use the exploit in http://www.eecs.nwu.edu/~jmyers/bugtraq/1099.html to
edit /etc/aliases.

So: I too recommend that one should run this /bin/sh fragment or its
equivalent, which I've added to our system setup and maintenance script:

---
#!/bin/sh
# Exploit from http://www.eecs.nwu.edu/~jmeyers/bugtraq/1099.html
# will work even with the patches installed as of 13 August 1996.
# Accordingly, turning off the suid bits on the Cadmin programs.

for p in cexport cformat chaltsys chost chostInfo cimport clogin \
        cmidi configClogin cpeople cports cpuView csetup cswap \
        diskView tapeView videoView
do
        /bin/chmod u-s /usr/Cadmin/bin/$p
done
---

Note that this is a problem only if you have preexisting NFS mounts; without
a real root password I was unable to create the NFS mount required for the
exploit referenced above to work.
--
Bill Nickless                   nickless () mcs anl gov          +1 630 252 7390
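
A check one could run after the fragment above to confirm that none of the listed Cadmin programs is still setuid. This is an added example, not part of the original post; the function name `cadmin_suid_audit`, its optional directory argument and the `--run` switch are assumptions.

```shell
#!/bin/sh
# Added example: audit that the setuid bit is gone from the Cadmin programs
# named in the post. Function name, directory argument and --run switch
# are assumptions made for illustration.

CADMIN_PROGS="cexport cformat chaltsys chost chostInfo cimport clogin
cmidi configClogin cpeople cports cpuView csetup cswap
diskView tapeView videoView"

# cadmin_suid_audit [DIR]
# Prints one line per listed program that still has the setuid bit set.
# Returns 0 if none do, 1 otherwise. Programs that are not installed are
# skipped; files outside the list are ignored.
cadmin_suid_audit() {
    dir=${1:-/usr/Cadmin/bin}
    found=0
    for p in $CADMIN_PROGS; do
        f=$dir/$p
        # -f: regular file; -u: setuid bit set (both POSIX test operators)
        if [ -f "$f" ] && [ -u "$f" ]; then
            echo "STILL SETUID: $f"
            found=1
        fi
    done
    return $found
}

# Audit the real directory only when asked to: sh thisfile --run
if [ "${1:-}" = "--run" ]; then
    cadmin_suid_audit /usr/Cadmin/bin && echo "OK: no setuid Cadmin programs"
fi
```

The non-zero return status makes it usable from a maintenance script or cron job that should flag the machine if the bits reappear.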


