Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Root shell vixie cron exploit
From: netch () LUCKY NET (Valentin Nechayev)
Date: Sat, 4 Sep 1999 10:51:50 +0300

Hello Seva Gluschenko!

 Wed, Sep 01, 1999 at 21:08:55, gvs wrote about "Re: Root shell vixie cron exploit":

 MZ> flags, this exploit won't bring anything shocking - simply, it's working
 MZ> example.


man sendmail:
/-C
...skipping...
      -Cfile  Use alternate configuration file.  Sendmail refuses to run
              as root if an alternate configuration file is specified.

and it does, for sure %-).

Just tested this on different versions of FreeBSD and had no effects
except Mail Delivery message:

The following address has permanent fatal errors:
-C/tmp/vixie-cf gvs

So, sendmail _really_ refuses to accept -C key when run as root


Try to run sendmail with -C option as _root_ and you can really change
config file when were root. -C flag only disable suid:root (causing setting
effective uid to real uid via drop_privileges()). We really use sendmail
with alternative configuration files in technology.

Therefore, MZ is right...

--
Valentin Nechayev
netch () lucky net
II:LDXIII/DCCCLXXIII.CCC

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]