regarding the (ex)preserve holes

mattworldlinx.com

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: William McVey: "Re: regarding the (ex)preserve holes"
• Previous message: Rob Quinn: "Crack type program for Novell Netware"
• Next in thread: William McVey: "Re: regarding the (ex)preserve holes"

How does one go about determining the dangerousness of the (ex)preserve
holes? I notice on my SunOS 4.1.x systems that both expreserve and 
exrecover are suid root, but I assume that the latest versions of either
the editors or the OS ignore this when playing with the IFS variables.
Please tell me this is a correct assumption! I'm not sure if our
friends at 8lgm etc. have a script for this, but I'm curious as to the
ongoing danger of these holes.

I've basically battened down the hatches on my sunos 4.1.3_U1 system to
the point where all of the previously distributed exploits fail on my
hardened system (please note that EVERY ONE SUCCEEDS on a stock sunos
4.1.3_U1 out of the box, with no modifications - be very, very scared!).
However, when scanning for suid(0) programs, I noticed these two little
jewels. Any comments?

P.S. What is the official verdict on the little snippet of code posted
by SCTC? Do the code jockeys amongst us accept this as legit? To think
all I needed to do was type this in, avoid the root account watching
my every keystroke, telnet to the supervisor machine before root disconnected
my session and/or killed the process, hope that the site didn't mysteriously
exhibit "PPP link problems" at that crucial moment, assume that there
was in fact a cookie program on the other end, and I would have won a
lovely leather jacket. Simple, really.


Cheers,
Matthew (mattworldlinx.com)

• Next message: William McVey: "Re: regarding the (ex)preserve holes"
• Previous message: Rob Quinn: "Crack type program for Novell Netware"
• Next in thread: William McVey: "Re: regarding the (ex)preserve holes"