[1990] in bugtraq
Re: Exploit for Linux wu.ftpd hole
daemon@ATHENA.MIT.EDU (Larry Kruper)
Thu Jul 6 00:36:47 1995
Date: Wed, 5 Jul 1995 19:40:51 -0700
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Larry Kruper <lak@home.crimelab.com>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <Pine.LNX.3.91.950705175939.1572B-100000@phoenix.org> from "Mike
Edulla" at Jul 5, 95 06:06:10 pm
> On Wed, 5 Jul 1995, Henri Karrenbeld wrote:
>
> > Date: Wed, 5 Jul 1995 18:44:17 +0100
> > From: Henri Karrenbeld <H.Karrenbeld@ct.utwente.nl>
> > To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
> > Subject: Exploit for Linux wu.ftpd hole
> >
> minicom has a known, but not very well-known hole in it that is nearly
> identical to the wu-ftp hole. If you are a legitimate user of a pre 1.71
> version of minicom, you can get root, it's the same sort of thing,
> seteuid(0), and then make a suid root shell somewhere - you do it by
> changing the name of 'runscript' to your shell...
>
> It wouldn't really be much of a problem, except that Linux to this day (I
> believe) continues to have the users gonzo, satan, and snake in
> minicom.users (or the slackware release does, at the very least).
> ---
So, how is this bug exploited if gonzo, satan or snake are not in /etc/passwd?
With the minicom F - username (i.e. satan) I do not get an error for not
being in the minicom.users file, but J does not jump to a shell. How is this
done?
I am doing this on my own system, not someone else's.
lak