Bugtraq mailing list archives
SCO World Script Vulnerabilities
From: ben () ALGROUP CO UK (Ben Laurie)
Date: Wed, 11 Nov 1998 18:16:04 +0000
I don't use SCO any more (well, I can give it up any time, honest), but I still get their mags. So, this morning I was leafing through SCO World, August '98 and September/October '98. Therein we find "Nuthin' but Net", "Administering Your System via the Web" by Jim Mohr. This suggests so many really Bad Things it is difficult to know where to start, but here goes. 1. First, set up .rhosts on all your servers, so the webserver can log in and do stuff. 2. Let the user specify the server name as a CGI parameter. Any name they like. 3. Now, using perl, pass that name, unvetted, to rsh like so: open(MSG,'rsh '.$server.' other stuff'); Wonderful. I wonder if we can find a SCO server running this stuff? Oh, BTW, here's a particular gem I shall treasure forever: "Lowering security to make Web access easier is less of a problem". Yeah, right! Cheers, Ben. -- Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/ and Technical Director|Email: ben () algroup co uk | A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/ London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/
Current thread:
- Xinetd /tmp race? Balazs Nagy (Nov 10)
- SCO World Script Vulnerabilities Ben Laurie (Nov 11)
- Re: SCO World Script Vulnerabilities Joe (Nov 12)
- WARNING: Another ICQ IP address vulnerability Mnemonix (Nov 11)
- Citadel security exploits? Stout, Bill (Nov 11)
- Re: Xinetd /tmp race? Wayne Schroeder (Nov 11)
- Re: Xinetd /tmp race? Glynn Clements (Nov 11)
- <Possible follow-ups>
- Re: Xinetd /tmp race? Jesús Cea Avión (Nov 12)
- Re: Xinetd /tmp race? Glynn Clements (Nov 12)
- Re: Xinetd /tmp race? Casper Dik (Nov 14)
- Re: Xinetd /tmp race? Marc Heuse (Nov 13)
- Re: Xinetd /tmp race? Pavel Kankovsky (Nov 13)
(Thread continues...)
- SCO World Script Vulnerabilities Ben Laurie (Nov 11)