Bugtraq mailing list archives

Re: hpux 10.0 remote administration

From: mharrigan () cisco com (Matthew G. Harrigan)
Date: Mon, 15 Jul 1996 12:40:24 -0700


At 10:16 PM 7/15/96 +0300, you wrote:

sam_exec is still used

Do you happen to know what password they use for sam_exec ;-)
(the concept looks dangerous, I have not had time to really
look at it. But I didn't enable it either...)


Yes. there is a default password. Im not sure if
it has been changed for 10.X, but if you run
crack on it, you will find it without a question.
At that point, anyone can pretty much log into your
machine as sam_exec and hit ctl-c to obtain a
uid 0 shell.

Matt

 Matthew G. Harrigan            |cisco Systems
 Internet Systems Engineer      |mharrigan () cisco com
 -------------------------------|408-527-3852 (x63582)
"640K ought to be enough for    |Email Pager:
 anybody. " - Bill Gates, 1981  |mharrigan () airnote net

Current thread:

Re: hpux 10.0 remote administration Matthew G. Harrigan (Jul 15)
- Re: hpux 10.0 remote administration nate (Jul 15)
- <Possible follow-ups>
- Re: hpux 10.0 remote administration Matt Barrie SYD (Jul 15)
- Re: hpux 10.0 remote administration Matthew G. Harrigan (Jul 16)