[9516] in bugtraq
nslookup on aix 4.x
daemon@ATHENA.MIT.EDU (Andreas Mueller)
Fri Feb 12 17:23:57 1999
Date: Fri, 12 Feb 1999 01:12:46 +0100
Reply-To: andreas.mueller@STUDENT.UNI-TUEBINGEN.DE
From: Andreas Mueller <andreas.mueller@STUDENT.UNI-TUEBINGEN.DE>
To: BUGTRAQ@NETSPACE.ORG
hello !
if nslookup is installed with the s-bit all users can
create and overwrite files owned by root. this works
in the interactive mode, when dumping dns-records to a
file (with ls -d DOMAINNAME > FILE for example).
i checked it on aix 4.2.0, 4.2.1 and 4.1.1, where nslookup
is installed suid-root by default. maybe its
possible to create usable files with an own "special"
nameserver. or maybe its possible to pipe the answers
to a script to create the files you want, but i haven't
tried this.
greetings,
Andreas
p.s.: if this has already been reported to this list - sorry for
my lazyness to search an archive of bugtraq.
--
