[3155] in bugtraq


Re: IRIX 5.3 chost

daemon@ATHENA.MIT.EDU (Bill Nickless)
Tue Aug 13 23:10:55 1996

Date: 	Tue, 13 Aug 1996 18:31:17 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Bill Nickless <nickless@MCS.ANL.GOV>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>

Well folks, looks like even with the latest patches installed I can still
use the exploit in http://www.eecs.nwu.edu/~jmyers/bugtraq/1099.html to
edit /etc/aliases.

So: I too recommend that one should run this /bin/sh fragment or its
equivalent, which I've added to our system setup and maintenance script:

---
#!/bin/sh
# Exploit from http://www.eecs.nwu.edu/~jmeyers/bugtraq/1099.html
# will work even with the patches installed as of 13 August 1996.
# Accordingly, turning off the suid bits on the Cadmin programs.

for p in cexport cformat chaltsys chost chostInfo cimport clogin \
        cmidi configClogin cpeople cports cpuView csetup cswap \
        diskView tapeView videoView
do
        /bin/chmod u-s /usr/Cadmin/bin/$p
done
---

Note that this is a problem only if you have preexisting NFS mounts; without
a real root password I was unable to create the NFS mount required for the
exploit referenced above to work.
--
Bill Nickless                   nickless@mcs.anl.gov          +1 630 252 7390
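
An added check, not part of the original post: a POSIX sh audit that reports which of the Cadmin programs listed in the fragment above still carry the setuid bit, plus any setuid file in the same directory that the list does not name. The function names and the optional directory argument are hypothetical, introduced here for illustration.

```shell
#!/bin/sh
# Added example: verifies the chmod u-s mitigation from the message above.
# CADMIN_PROGS repeats the program list from the original fragment.
CADMIN_PROGS="cexport cformat chaltsys chost chostInfo cimport clogin \
cmidi configClogin cpeople cports cpuView csetup cswap \
diskView tapeView videoView"

# cadmin_suid_audit [DIR]   (hypothetical helper name)
# Prints every listed program under DIR that is still setuid.
# Returns 0 when none are setuid, 1 otherwise.
cadmin_suid_audit() {
    dir=${1:-/usr/Cadmin/bin}
    found=0
    for p in $CADMIN_PROGS; do
        f="$dir/$p"
        # Programs not installed on this host are skipped.
        [ -f "$f" ] || continue
        if [ -u "$f" ]; then
            echo "$f"
            found=1
        fi
    done
    return $found
}

# cadmin_suid_unlisted [DIR]   (hypothetical helper name)
# Prints setuid files in DIR that the list above does not cover,
# so an incomplete list does not go unnoticed.
cadmin_suid_unlisted() {
    dir=${1:-/usr/Cadmin/bin}
    for f in "$dir"/*; do
        [ -f "$f" ] && [ -u "$f" ] || continue
        name=${f##*/}
        case " $CADMIN_PROGS " in
            *" $name "*) ;;          # already handled by the fragment
            *) echo "$f" ;;          # setuid but not in the list
        esac
    done
}
```

Source the file and call `cadmin_suid_audit` after the maintenance script has run; a non-zero return means at least one listed program is still setuid.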
