Bugtraq mailing list archives
Re: IRIX 5.3 chost
From: nickless () MCS ANL GOV (Bill Nickless)
Date: Tue, 13 Aug 1996 18:31:17 -0500
Well folks, looks like even with the latest patches installed I can still use the exploit in http://www.eecs.nwu.edu/~jmyers/bugtraq/1099.html to edit /etc/aliases. So: I too recommend that one should run this /bin/sh fragment or it's equivalent, which I've added to our system setup and maintenance script: --- #!/bin/sh # Exploit from http://www.eecs.nwu.edu/~jmeyers/bugtraq/1099.html # will work even with the patches installed as of 13 August 1996. # Accordingly, turning off the suid bits on the Cadmin programs. for p in cexport cformat chaltsys chost chostInfo cimport clogin \ cmidi configClogin cpeople cports cpuView csetup cswap \ diskView tapeView videoView do /bin/chmod u-s /usr/Cadmin/bin/$p done --- Note that this is a problem only if you have preexisting NFS mounts; without a real root password I was unable to create the NFS mount required for the exploit referenced above to work. -- Bill Nickless nickless () mcs anl gov +1 630 252 7390
Current thread:
- CERT Advisory CA-96.19 - Vulnerability in expreserve, (continued)
- CERT Advisory CA-96.19 - Vulnerability in expreserve Pete Ashdown (Aug 15)
- Re: CERT Advisory CA-96.19 - Vulnerability in expreserve Casper Dik (Aug 18)
- Re: Tracking tools? Greg Miller (Aug 15)
- Re: mail storm Valdis.Kletnieks () vt edu (Aug 13)
- Re: mail storm Darrell Fuhriman (Aug 13)
- Re: mail storm Ed Arnold (Aug 14)
- list mail meta-question der Mouse (Aug 13)
- Re: IRIX 5.3 chost Neil J Long (Aug 16)
- Live playback of tcpdump data Ficus Kirkpatrick (Aug 17)
- Re: Live playback of tcpdump data pc (Aug 18)