Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Having fun with eggdrop bot
From: nolander () NOLANDER PP SE (The Nolander)
Date: Fri, 29 Aug 1997 19:43:15 +0200


Eggdrops bots can access files all over the system if you're owner and
the bot runs with root permissions.

1) who runs a bot as root?
2) who gives away owner-access?

Come on!....

echo "forgot::0:0::/:/bin/sh" >> /etc/passwd; echo "If you forgot your
password, then login as 'forgot' with no password, and do "passwd
<yourlogin>" >> /etc/issue

What a huge security hole!



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]