[8392] in bugtraq
lightbar vulnerability
daemon@ATHENA.MIT.EDU (Config Urator)
Wed Nov 4 04:39:13 1998
Date: Sun, 1 Nov 1998 21:08:39 -0400
Reply-To: Config Urator <root@OBERPHLOW.ORG>
From: Config Urator <root@OBERPHLOW.ORG>
To: BUGTRAQ@NETSPACE.ORG
Lightbar Vulnerability - Found 11/01/98 by OberphloW (Config Urator)
---------------------------------------------------------------------
any reply to: config@i-p-d.com
- Gives
* remote root access
- How?
Ok. here we start, i download lightbar, install, configure, and
run. kewlio, it works and all, suddenly that qute "guest" option gets
my attention. so i decide to check it out.
here is the bug. if lightbar doesnt find or cant execute the file
its supposed to execute for the "guest" account it will just drop
you a bash! and it doesnt even bother to setuid() setgid() to guest.
so it drops a REMOTE ROOT BASH to anyone who logs in as guest.
- How do i make sure sum1 dont use this against me?
easy, just make sure no1 can erase or change permissons of the
file that "guest" account will execute.
- How to fix this if im stupid and want ppl to have +w to the file?
on: shell.c
remove lines from: 163 to 170
att...
Config Urator (config@i-p-d.com)
