[2989] in bugtraq


dg/ux vulnerability

daemon@ATHENA.MIT.EDU (Brian Mitchell)
Tue Jul 23 20:42:18 1996

Date: 	Tue, 23 Jul 1996 19:03:07 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Brian Mitchell <brian@saturn.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>

There seems to be a vulnerability in dg/ux (tested in 5.4r3.10) - it
includes ospf_monitor (from the gated package). Unfortunately, it is an
older version and has a security hole.

It is a suid program, and has a command to write to a file, so something
like this:

umask 0
ospf_monitor
F /tmp/foo
x

This should create a 0-byte world-writable file called /tmp/foo, assuming
/tmp/foo does not exist. If it exists, it will be truncated; permissions
obviously will not be modified.


Brian Mitchell                                          brian@saturn.net
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman
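
Added example (not part of the original post): a defender-side check that
finds copies of ospf_monitor carrying the setuid or setgid bit under a given
directory and, as one possible mitigation, strips those bits. The function
names and the --report/--fix switches are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit for setuid/setgid ospf_monitor binaries.
# Function names and the --report/--fix switches are hypothetical.

# Print every regular file named ospf_monitor under directory $1 that has
# the setuid (4000) or setgid (2000) bit set. Unreadable directories are
# skipped silently.
find_suid_ospf_monitor() {
    find "$1" -type f -name ospf_monitor \
        \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Show owner and mode for each match so the finding can be reviewed
# before anything is changed.
report_suid_ospf_monitor() {
    find_suid_ospf_monitor "$1" | while IFS= read -r f; do
        ls -ld "$f"
    done
}

# Remove the setuid/setgid bits from each match and print the paths that
# were changed. The binary stays in place and still runs, but only with
# the privileges of the invoking user.
strip_suid_ospf_monitor() {
    find_suid_ospf_monitor "$1" | while IFS= read -r f; do
        chmod u-s,g-s "$f" && printf '%s\n' "$f"
    done
}

# Only act when called explicitly, e.g.:  sh audit.sh --report /usr
case "${1:-}" in
    --report) report_suid_ospf_monitor "${2:-/}" ;;
    --fix)    strip_suid_ospf_monitor  "${2:-/}" ;;
esac
```

Run with --report first and review the list; --fix needs enough privilege to
chmod the files it finds.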
