OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Atro Tossavainen (atossavaCC.HELSINKI.FI)
Date: Fri Apr 27 2001 - 04:44:37 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    > this bug takes advantage of the -n option witch
    > has a bug that allows for arbitrary commands to be
    > executed.
    >
    > exploit source code:
    > http://realhalo.org/xnetprint.c

    In the form you give it, it doesn't work against IRIX 6.5.10, it
    complains about the symbol ListAllPrinters being missing.

    Adding the symbol results in gaining root, but it does require lp first.

    Of course, since many SGI systems come with the lp account enabled
    without a password, that would often be a trivial prerequisite.

    --
    Atro Tossavainen (Mr.)               / The Institute of Biotechnology at
    Systems Analyst, Techno-Amish &     / the University of Helsinki, Finland,
    +358-9-19158939  UNIX Dinosaur     / employs me, but my opinions are my own.
    < URL : http : / / www . iki . fi / atro . tossavainen / >