Bugtraq: Re: xnews and XDM

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: xnews and XDM

From: sonecha () eecs umich edu (Vatsal P. Sonecha)
Date: Wed, 20 Jul 1994 22:28:14 -0400 (EDT)



      AIX has a similar hole.  The DPS server can be entered by
/usr/lpp/DPS/bin/dpsexec.  Since X runs as root, you can then open and
write to any root owned file.

      I haven't bothered to write an exploit script, but I did try
running /etc/security/passwd, and I got a root: UndefinedCommand
error.

      Someone opened a bug against this inside IBM--I forget who,
but to my knowledge, know action has been taken.

--Sam


What version of AIX would this be? And, I would be very appreciative 
to find out where I can get an exploit script. 

Thanks,
Vatsal.

|    __o      Vatsal P. Sonecha   |   Advanced Integrated Solutions, Inc.  |
|  _ \<,_     Monal  V. Sonecha   |   3745 Greenbrier Blvd, Unit# 227-C    |
| (_)/ (_)    Ph:  313.994.5748   |   Ann Arbor, MI 48105-2682             |
|~~~~~~~~~~   FAX: 313.994.5758   |   United States of America             |

By Date By Thread

Current thread:

xnews and XDM Sam Hartman (Jul 20)
- Re: xnews and XDM Vatsal P. Sonecha (Jul 20)
  - xnews and XDM Sam Hartman (Jul 21)
- /etc/subnetconfig Aleph One (Jul 20)
- xnews and XDM Sam Hartman (Jul 21)
- Possible Ultrix issue A. Rich (Jul 21)