Bugtraq mailing list archives

Re: your mail

From: jamie () dilbert iagnet net (Jamie Rishaw)
Date: Mon, 24 Mar 1997 09:14:31 -0500

Hello fellow mongoloids
Try this:
Make hard link of /etc/passwd to /var/tmp/dead.letter
Telnet to port 25, send mail from some bad email address to some unreacheable hoost.
Watch your message get appended to passwd.
ie:
cowzilla::0:0:c0wz1ll4 0wns u:/:/bin/sh


This is why Good Little Sysadmins(tm) have /, /var, /tmp, /usr, etc. on
separate partitions and/or drives.

If /etc and /var/tmp are on different partitions this wont work. Can't
symlink cross-device far as I know.

This is not good.  Worked with my 8.8.4, will probably also work with 8.8.5
Root for the whole family

-Cowzilla the omnipotent b0v1n3
PD
Greets to various #2600 people



--
jamie g.k. rishaw <jamie () iagnet net> - Internet Access Group [www.iagnet.net]
  -  Cleveland  -  Akron  -  Pittsburgh  -  Detroit  -  Columbus  -  Toledo  -
Corp: (800) 637 4IAG / (216) 623 3565. DID: (216) 902 5455. FAX (216) 623 3566.
Personal: jamie@@arpa.com || jamie@@null.net (Remove second @, nonspammers) =)

Current thread:

Re: symlink bug in tin/rtin, (continued)
- - - Re: symlink bug in tin/rtin Nelson Murilo (Mar 29)
    - ANNOUNCE : NTCrack v2.0 Jonathan Wilkins (Mar 29)
    - more sendmail poop *Hobbit* (Mar 25)
    - Reported Sendmail 8.8.4 Exploit gshapiro () SENDMAIL ORG (Mar 25)
    - minor vulnerability in ELM Dmitry E. Kim (Mar 26)
    - FreeBSD-SA-97:02: Buffer overflow in lpd Aleph One (Mar 26)
  - Cisco 2509/2511 Albert Siersema (Mar 24)
    - Re: Cisco 2509/2511 Dan Brown (Mar 24)
    - Re: Cisco 2509/2511 Erdinc KAYA (Mar 24)
- Re: your mail Stefan Laudat (Mar 24)
- Re: your mail Jamie Rishaw (Mar 24)
  - Re: your mail Illuminati Primus (Mar 24)
  - ObNag: running sendmail as root Tom Guptill (Mar 24)
- buffer over in hp-ux 10.20 kernel Darren Reed (Mar 23)
- Re: buffer over in hp-ux 10.20 kernel Security Alert (Mar 26)