[4472] in bugtraq
Re: potential root exploit with help from sam (HP-UX 10.x)
daemon@ATHENA.MIT.EDU (Trevor Schroeder)
Thu May 15 02:14:48 1997
Date: Wed, 14 May 1997 10:43:35 -0500
Reply-To: Trevor Schroeder <tschroed@CHEETAH.WSC.EDU>
From: Trevor Schroeder <tschroed@CHEETAH.WSC.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <9705141152.AA05757@aet.hasler.ascom.ch>
On Wed, 14 May 1997, David Hyams wrote:
> So, if I make a symbolic link from /var/tmp/outdata to
> /.rhosts (say), and wait for the sys-admin to run sam to configure
> networking, I can get a /.rhosts file. Admittedly this isn't too
> interesting as the file doesn't have the famous "+ +" in it. However,
> if your sysadmin happens to have umask set to 0 then you've now got a
You've certainly got a case for a very potent DoS. Link to any file you want:
/bin/sh, /etc/passwd, /bin/login, etc. and *poof* there it goes.
____________________________________________________________
"One unerring mark of the love of truth is not entertaining
any propositions with greater assurance than the proofs it
is built upon will warrant" -- John Locke, 1690
Trevor Schroeder tschroed@cheetah.wsc.edu
------------------------------------------------------------
