[2238] in bugtraq


load.root (loadmodule hole)

daemon@ATHENA.MIT.EDU (der Mouse)
Fri Sep 15 08:26:04 1995

Date:         Fri, 15 Sep 1995 06:54:45 -0400
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
X-To:         bugtraq@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>

For anyone wondering what the loadmodule hole is, but not wanting to
grab the 8lgm exploit and try to grok it, the real secret is very
simple - and I can't understand why 8lgm didn't explain this in their
posting, rather than only in a comment in the exploit script.

The comment in question is:

> # loadmodule has previously been fixed to clear IFS, apparently by
> # putenv("IFS= ").  However, we can still exploit system() by
> # having IFS defined twice in our environment.

                                        der Mouse

                            mouse@collatz.mcrcim.mcgill.edu
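An added example, not part of the original post or of the loadmodule/8lgm code, showing the defect the quoted comment describes from the fixer's side: overwriting a single IFS entry, as a lone putenv("IFS= ") does, leaves a second IFS entry in place, whereas rebuilding the environment without any IFS entry and then appending one known-good value does not. The names sample_env, naive_fix and scrub_env are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* True if an environment entry sets the variable IFS ("IFS=..."). */
static int is_ifs(const char *entry) {
    return strncmp(entry, "IFS=", 4) == 0;
}

/* How many IFS entries the block holds; /bin/sh will honour one of them. */
int count_ifs(char *const *envp) {
    int n = 0;
    for (; *envp; envp++)
        if (is_ifs(*envp)) n++;
    return n;
}

/* Model of the original fix: overwrite only the first IFS entry, which is
 * what a single putenv("IFS= ") achieves.  Returns the remaining count. */
int naive_fix(char **envp) {
    for (size_t i = 0; envp[i]; i++)
        if (is_ifs(envp[i])) { envp[i] = "IFS= "; break; }
    return count_ifs(envp);
}

/* Hardened scrub: copy every non-IFS entry to a fresh block, then append a
 * single known-good IFS, so no duplicate survives.  Caller frees the array. */
char **scrub_env(char *const *envp) {
    size_t n = 0, j = 0;
    while (envp[n]) n++;
    char **clean = malloc((n + 2) * sizeof *clean);
    if (!clean) return NULL;
    for (size_t i = 0; i < n; i++)
        if (!is_ifs(envp[i])) clean[j++] = envp[i];
    clean[j++] = "IFS= \t\n";   /* the shell's default separators */
    clean[j] = NULL;
    return clean;
}

/* Constructed environment with IFS defined twice, as in the post. */
static char *sample_env[] = { "PATH=/bin", "IFS=/", "HOME=/tmp", "IFS=/", NULL };

int main(void) {
    char *env2[] = { "PATH=/bin", "IFS=/", "HOME=/tmp", "IFS=/", NULL };
    printf("before: %d IFS entries\n", count_ifs(sample_env));
    printf("after single overwrite: %d IFS entries\n", naive_fix(env2));
    char **clean = scrub_env(sample_env);
    printf("after scrub: %d IFS entries\n", clean ? count_ifs(clean) : -1);
    free(clean);
    return 0;
}
```

The same reasoning applies to any variable the shell reads: a scrub that removes every entry by name, or an execve with a fixed minimal envp, is the form of fix that cannot be bypassed by duplicates.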
