Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: UNIX Tar Security Advisory from TEAM PWN4GE
From: Valdis.Kletnieks () vt edu
Date: Wed, 02 Feb 2005 23:12:07 -0500

On Wed, 02 Feb 2005 23:18:12 +0100, Volker Tanger said:

Alternatively the TAR binary might be SUID'ed, which is A Bad Idea(TM),
too - which are all SUID'ed programs that can write to arbitrary
locations...

And in the prehistoric dawn of the computer era, about 15 years ago, IBM made
one of the first RISC-based systems, the RT.  One of the operating systems
available for it was AIX 2.2 (a SYSV port, which came out before AIX 1.2 for
the x86 family of PS/2 boxes), which indeed shipped with a setuid /bin/tar.

First time I saw that, I said to myself "Damn, I've been hax0red".  Then I
re-installed tar from the original system media - and promptly wished it had
in fact been a trojaned binary.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault