[14378] in bugtraq
Re: Exploit for Mandrake 6.1 (PAM/userhelper bug)
daemon@ATHENA.MIT.EDU (Jeremy Gault)
Wed Mar 22 02:21:18 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-Id: <200003211949.OAA16526@agape.wingnet.net>
Date: Tue, 21 Mar 2000 14:47:17 -0500
Reply-To: Jeremy Gault <jgault@WINGNET.NET>
From: Jeremy Gault <jgault@WINGNET.NET>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <38CED5CD.1BBB8769@nitnet.com.br>
I tried this on a couple of my Mandrake 6.1 machines and it did
work. Tried it on a Mandrake 7.0 box and it didn't work. I went to
the Mandrake FTP site and downloaded a RPM of 7.0's PAM,
installed it, and everything seems happy now.
<snip>
> * Mandrake Linux 6.1 has the same problem as Red Hat Linux 6.x but its
> * exploit (pamslam.sh) doesn't work on it (at least on my machine). So,
> * I created this C program based on it which exploits PAM/userhelper
> * and gives you UID 0.
<snip>
> * Red Hat Linux 6.0, Red Hat Linux 6.1, Mandrake Linux 6.1.
> *
<snip>
Jeremy Gault
Systems Administrator - WingNET Internet Services
http://www.wingnet.net
