[652] in bugtraq

Re: Sol2.x Mouse EXPLOIT info - CORRECTION

daemon@ATHENA.MIT.EDU (jsz)
Tue Jan 17 16:31:13 1995

From: jsz@ramon.bgu.ac.il (jsz)
To: cklaus@shadow.net (Christopher Klaus)
Date: Tue, 17 Jan 1995 21:43:33 +0200 (IST)
Cc: neil@legless.demon.co.uk, karl@bagpuss.demon.co.uk, bugtraq@fc.net
In-Reply-To: <199501170841.DAA25669@shadow.net> from "Christopher Klaus" at Jan 17, 95 03:41:48 am

> 
> > 
> > > 
> > > OK, Exploit details:
> > > 
> > > 1) place pointer exactly in centre of screen
> > > 2) start to spiral out ANTICLOCKWISE - this movement must be
> > >    smooth and finish in the top left corner
> > > 3) as soon as you reach the top left corner, unplug the mouse within
> > >    4 seconds.
> > > 4) You should then be at the # prompt.
> > > 
> > > Have Fun.
> > > 
> > 
> > This will NOT work on Solaris 2.X boxes.  The spiraling out should in
> > fact be CLOCKWISE.  An anticlockwise movement will give a shell running
> > as user nobody, rather than as uid 0!
> > 
> > Top left is however important, so that we have 0,0 stored in cred->uid
> > and cred->gid.  Due to the nature of the mouse driver, an anticlockwise
> > movement would spiral the uid/gid pair to the largest uid available on
> > the system, which under normal conditions would be user nobody.
> 
> I tried it both ways and neither is successful, what am I doing wrong?!@?!
> 
> (griN)
> 
> 
> > 
> > Cheers,
> > 
> > Neil
> > 
> > -- 
> > Let the Mystery Be, So Watcha Want, Longing In Their Hearts, Hate My Way,
> > M-Bike, Safari, Uncle June and Aunt Kiyoti, Daisy Dead Petals, Tuff Gnarl.
> > 
> >      ...like a badger with an afro throwing sparklers at the Pope...
> > 
> 
> 
> -- 
> Christopher William Klaus	Voice: (404)518-0099. Fax: (404)518-0030
> Internet Security Systems, Inc.		Computer Security Consulting
> 2209 Summit Place Drive, Atlanta, GA. 30350-2450.
> 
