Bugtraq mailing list archives
X11R6 NetBSD Security Problem
From: telnetd () DOEMILL SHOCKING COM (in.telnetd)
Date: Sun, 21 Mar 1999 21:34:48 -0800
Hey

If this has already been brought up, you have the right to stone me to death, but I haven't seen it and I've searched, so here it is:

I was fooling around today, and decided to rm /tmp/.X11-unix and then make a symbolic link from a file to /tmp/.X11-unix and then startx. So I backed up /etc/passwd and ln -s /etc/passwd /tmp/.X11-unix and then startx'd as normal user account, but X wouldn't start, it complained and said "is not a directory".

So, I made a symbolic link from /root to /tmp/.X11-unix, and startx'd as a normal user, and was surprised to have write access to /root. I was able to write new files to /root but was not able to overwrite or change files, I was able to make a "+ +" .rhosts though.

I did this to /etc also, changed it from:

    drwxr-xr-x

To:

    drwxrwxrwt

with:

    telnetd ~$ ln -s /etc /tmp/.X11-unix
    telnetd ~$ startx

I have tested this via a remote telnet session also. It works if you are able to startx and X isn't already running. I swung my chair around and got on my gateway, telnetted to stinky, logged in as a normal user, ln -s /etc /tmp/.X11-unix, startx'd remotely, saw the X startup crap, looked behind me and saw X starting on stinky, I turned to my gateway and stopped X, and had write access to /etc. wh00t@$#!$

The only real thing I can think of for this to be useful is .rhosts in /root...

later
telnetd () doemill shocking com
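A defender-side check for the condition reported in the message above, as an added example that is not part of the original post: it verifies that an X11 socket directory is a real directory rather than a symbolic link, and flags directories that have become world-writable. The function names, return codes and the default expected owner (uid 0) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit an X11 socket directory
# for the symlink condition the post describes. Function names and return
# codes are this example's own.

# audit_socket_dir DIR [EXPECTED_UID]
# Returns 0 ok, 1 missing, 2 symlink, 3 not a directory, 4 wrong owner.
audit_socket_dir() {
    dir=$1
    want_uid=${2:-0}    # assumption: the directory should be owned by root

    # Test for a symlink first: -e and -d follow links, -L does not.
    if [ -L "$dir" ]; then
        echo "FAIL: $dir is a symbolic link"; return 2
    fi
    if [ ! -e "$dir" ]; then
        echo "FAIL: $dir does not exist"; return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"; return 3
    fi
    # ls -n prints the numeric owner uid in the third column.
    owner=$(ls -ldn "$dir" | awk '{print $3}')
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL: $dir is owned by uid $owner, expected $want_uid"; return 4
    fi
    echo "OK: $dir is a real directory owned by uid $owner"
    return 0
}

# world_writable DIR
# Returns 0 when "other" has write permission (drwxrwxrwt or similar),
# the mode the post reports on /etc afterwards.
world_writable() {
    [ "$(ls -ld "$1" | cut -c9)" = "w" ]
}

# Run against the live system only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_socket_dir /tmp/.X11-unix 0
    for d in /etc /root; do
        if world_writable "$d"; then echo "WARN: $d is world-writable"; fi
    done
fi
```

The symlink test has to come before the directory test, because a link pointing at a directory passes `-d`.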