|
Bugtraq
mailing list archives
Re: SunOS exploit.
From: blind () SEDATED NET (Trevor Linton)
Date: Mon, 19 May 1997 04:14:21 +0000
This worked on SunOS 5.5.1 Generic_103640-05 sun4m sparc.
Please mind you that this only works on versions of programs
that use getenv("USER"); to obtain the username, i'm also aware
anyone who uses elm on ANY system, linux, bsd, SunOS included
can read any users mail :P. getenv("USER") on programs that are
reliant on the USERNAME isn't safe especially when there +s'ed.
blind - blind () root hax0r org support () hax0r org
Swingin' Utters. a juvenile product of the working class.
"People who are having trouble communicating should just shuttup"
On Mon, 19 May 1997, Jeff Uphoff wrote:
"TL" == Trevor Linton <blind () SEDATED NET> writes:
TL> On sunos, if you execute a clean bash shell then type, export USER="root"
TL> then USER=$LOGNAME, then execute chsh root or chfn root you can change
TL> the root information.
TL> On the SunOS system i have [...]
What version(s) of SunOS?
I just tried this on an old 4.1.2 system I have and I could not
duplicate it.
--Up.
--
Jeff Uphoff - Scientific Programming Analyst | juphoff () nrao edu
National Radio Astronomy Observatory | juphoff () bofh org uk
Charlottesville, VA, USA | jeff.uphoff () linux org
PGP key available at: http://www.cv.nrao.edu/~juphoff/
 By Date 
By Thread
Current thread:
|
Intro
