Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)

From: drow () FALSE ORG (Daniel Jacobowitz)
Date: Sun, 4 Jun 2000 10:59:13 -0700

On Fri, Jun 02, 2000 at 07:53:58PM -0300, Paulo Ribeiro wrote:

/*
 * mail-slak.c (C) 2000 Paulo Ribeiro <prrar () nitnet com br>
 *
 * Exploit for /usr/bin/Mail.
 * Made specially for Slackware Linux 7.0.
 * Based on mailx.c by funkySh.


Well, it does generate a shell on Debian/woody, but Mail has already
dropped priviledges:

drow@quaketop:~% ./mail
type '.' and enter: .
Cc: too long to edit
sh-2.04$ id
uid=1000(drow) gid=1000(drow) groups=1000(drow)

Same back to Debian/slink.

Dan

/--------------------------------\  /--------------------------------\
|       Daniel Jacobowitz        |__|        SCS Class of 2002       |
|   Debian GNU/Linux Developer    __    Carnegie Mellon University   |
|         dan () debian org         |  |       dmj+ () andrew cmu edu      |
\--------------------------------/  \--------------------------------/
Previous By Date Next
Previous By Thread Next

Current thread: