Home page logo

bugtraq logo Bugtraq mailing list archives

Possible problem of AIX mount
From: b811043 () MATH NTU EDU TW (Weizen)
Date: Tue, 22 Apr 1997 09:32:41 +0800

I have access to a group of AIX 4.systems ,which has suid root mount.
IF you try to mount a NFS file system,it will tell you "Only root or
member of system group can NFS mount/umount".In the AIX I can
access,nuucp is a member of system group(maybe by default).i.e nuucp can
mount /umount an NFS contain suid root shell and then become root!
Since nuucp's is not 0,in some case,it is easier to get nuucp access
then to get a root access.
In the group of AIX computers I can use,if I cracked root on one of NFS client
, I can easily execute program on NFS server remotely with euid nuucp
 to create a .forward for nuucp on NFS server,and then do
a NFS mount,then become superuser of NFS server.

It is not a big problem,but still not a good idea to allow to many
account have power to NFS mount.

  By Date           By Thread  

Current thread:
  • Possible problem of AIX mount Weizen (Apr 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]