[91] in Best-of-Security
BoS: 8.8.4 exploit
daemon@ATHENA.MIT.EDU (proff@suburbia.net)
Mon Mar 24 07:42:23 1997
From: proff@suburbia.net
Date: Mon, 24 Mar 1997 23:03:20 +1100 (EST)
Reply-To: best-of-security@suburbia.net
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
> From: C0WZ1LL4@NETSPACE.ORG
> To: BUGTRAQ@NETSPACE.ORG
> Hello fellow mongoloids
> Try this:
> Make hard link of /etc/passwd to /var/tmp/dead.letter
> Telnet to port 25, send mail from some bad email address to some unreacheable hoost.
> Watch your message get appended to passwd.
> ie:
> cowzilla::0:0:c0wz1ll4 0wns u:/:/bin/sh
>
> This is not good. Worked with my 8.8.4, will probably also work with 8.8.5
> Root for the whole family
>
> -Cowzilla the omnipotent b0v1n3
> PD
> Greets to various #2600 people
>
Readers,
I haven't tested this one, and frankly I have my doubts. When I audited
8.6.12 the only *file access* problems related to group kmem - though it is
possibly of course that bad code has creeped it's way in since then.
--
Prof. Julian Assange |If you want to build a ship, don't drum up people
|together to collect wood and don't assign them tasks
proff@suburbia.net |and work, but rather teach them to long for the endless
proff@gnu.ai.mit.edu |immensity of the sea. -- Antoine de Saint Exupery
