Bugtraq mailing list archives

Re: Zolaris 2.5 Exploited.


From: wolfe () ems psu edu (Jeff Wolfe)
Date: Fri, 26 Jul 1996 16:09:41 -0400


In message <9607261753.AA03840 () sol acs uwosh edu>, "Brian T. Wightman" writes:

Not true.  The script created a file /.rhosts.  This file is the only
file used to verify root rlogins.  ~/.rhosts and /etc/hosts.equiv are
used to authenticate other users (this of course is not taking into
account a feature of some r{login,sh}d programs that disable
~/.rhosts).  The symlink creates that file if it does not exist on the
workstation.

The /etc/hosts.equiv file does not exist here either.

It appears that the exploit only works when there is no .rhosts file.
I haven't been able to get the kcms utils to change the permissions on an
existing .rhosts file.

However, this point becomes meaningless when you look at admintool and
see that the same type of exploit can be used (also posted previously).

The same conditions apply to the admintool exploit. If the file exists, it
won't work, but if the file does not exist, the exploit will create the file
owned by root with mode 666 permissions.

Nothing personal, just don't want anyone getting a false sense of
security from this.

-Jeff
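The conditions described in this message (no existing /.rhosts, then a file created owned by root with mode 666) can be checked for on a host. The following is an added example, not part of the original post: the function names, the status words and the optional root-directory argument are hypothetical, chosen for illustration and offline testing.

```shell
#!/bin/sh
# Added example: audit the r-command trust files discussed in this thread.
# The root-directory argument is an assumption for offline testing; it defaults to "/".

# audit_trust_file PATH -> prints one status word:
#   SYMLINK   path is a symlink rather than a regular file
#   MISSING   file absent (the thread reports the exploit only works in this case)
#   WRITABLE  group- or world-writable (for example the mode 666 result described)
#   WILDCARD  contains a bare "+" host entry, which trusts every host
#   OK        none of the above
audit_trust_file() {
    f=$1
    if [ -L "$f" ]; then echo SYMLINK; return 0; fi
    if [ ! -e "$f" ]; then echo MISSING; return 0; fi
    # find -perm -NNN is POSIX; the path is printed only when the bit is set.
    if [ -n "$(find "$f" -prune \( -perm -002 -o -perm -020 \) -print)" ]; then
        echo WRITABLE; return 0
    fi
    # "+@netgroup" is a netgroup reference, not a wildcard, so require a bare "+".
    if grep -Eq '^[[:space:]]*\+([[:space:]]|$)' "$f"; then
        echo WILDCARD; return 0
    fi
    echo OK
}

# audit_host [ROOT] -> one "STATUS /path" line per trust file named in the thread.
audit_host() {
    root=${1:-/}
    for rel in .rhosts etc/hosts.equiv; do
        printf '%s %s\n' "$(audit_trust_file "${root%/}/$rel")" "/$rel"
    done
}

audit_host "${1:-/}"
```

A MISSING result for /.rhosts is the precondition reported above, and WRITABLE matches the file state the message says the exploit leaves behind.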


