[4515] in bugtraq
Re: SunOS exploit.
daemon@ATHENA.MIT.EDU (Trevor Linton)
Mon May 19 22:36:03 1997
Date: Mon, 19 May 1997 04:14:21 +0000
Reply-To: Trevor Linton <blind@SEDATED.NET>
From: Trevor Linton <blind@SEDATED.NET>
X-To: juphoff@nrao.edu
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199705191520.LAA08859@tarsier.cv.nrao.edu>
This worked on SunOS 5.5.1 Generic_103640-05 sun4m sparc.
Please mind you that this only works on versions of programs
that use getenv("USER"); to obtain the username, i'm also aware
anyone who uses elm on ANY system, linux, bsd, SunOS included
can read any users mail :P. getenv("USER") on programs that are
reliant on the USERNAME isn't safe especially when there +s'ed.
blind - blind@root.hax0r.org support@hax0r.org
Swingin' Utters. a juvenile product of the working class.
"People who are having trouble communicating should just shuttup"
On Mon, 19 May 1997, Jeff Uphoff wrote:
> "TL" == Trevor Linton <blind@SEDATED.NET> writes:
>
> TL> On sunos, if you execute a clean bash shell then type, export USER="root"
> TL> then USER=$LOGNAME, then execute chsh root or chfn root you can change
> TL> the root information.
>
> TL> On the SunOS system i have [...]
>
> What version(s) of SunOS?
>
> I just tried this on an old 4.1.2 system I have and I could not
> duplicate it.
>
> --Up.
>
> --
> Jeff Uphoff - Scientific Programming Analyst | juphoff@nrao.edu
> National Radio Astronomy Observatory | juphoff@bofh.org.uk
> Charlottesville, VA, USA | jeff.uphoff@linux.org
> PGP key available at: http://www.cv.nrao.edu/~juphoff/
>
