mailing list archives
Re: Smashing "XBoard 4.2.7(All versions)" For Fun & Profit.*Unpublish ed Local Stack Overflow Vulnerablity!
From: Valdis.Kletnieks () vt edu
Date: Tue, 02 Mar 2004 15:47:05 -0500
On Tue, 02 Mar 2004 12:01:08 +0300, d4rk <d4rk () securitylab ru> said:
/* or if root is your friend, u can ask him to do it. */
Never underestimate the power of social engineering. I've seen systems
r00ted by getting the admin to 'cd' over to a directory to examine a 'failing'
program. Files like .exrc, .dbxrc/.dbxinit, and .gdbinit can all be used for mischief
with an unsuspecting sysadmin....
"Yep... got an a.out here, got a core here.. 'gdb' and type 'where'. Hmm..
see right there? You got a SEGV because you had a null pointer.." (Yes, and
you, mr admin, just got someting more fun than a SEGV when that .gdbinit file
in the current directory did something.. ;)