Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1996: dg/ux vulnerbility

dg/ux vulnerbility

Brian Mitchell (briansaturn.net)
Tue, 23 Jul 1996 19:03:07 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Tom Bowman: "Re: quotas? maybe you're not seeing all of it"
Previous message: Brian Mitchell: "Re: tcp"

There seems to be a vulnerbility in dg/ux (tested in 5.4r3.10) - it
includes ospf_monitor (from the gated package). Unfortunately, it is a
older version and has a security hole.

It is a suid program, and has a command to write to a file, so something
like this:

umask 0
ospf_monitor
F /tmp/foo
x

This should create a 0 byte world writable file called /tmp/foo, assuming
/tmp/foo does not exist. If it exists, it will be truncated, permissions
obviously will not be modified.


Brian Mitchell                                          briansaturn.net
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman

Next message: Tom Bowman: "Re: quotas? maybe you're not seeing all of it"
Previous message: Brian Mitchell: "Re: tcp"