Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sol2.x Mouse EXPLOIT info - CORRECTION

From: neil () legless demon co uk (Neil Woods)
Date: Tue, 17 Jan 1995 00:39:01 +0100 (GMT)



OK, Exploit details:

1) place pointer exactly in centre of screen
2) start to spiral out ANTICLOCKWISE - this movement must be
   smooth and finish in the top left corner
3) as soon as you reach the top left corner, unplug the mouse within
   4 seconds.
4) You should then be at the # prompt.

Have Fun.



This will NOT work on Solaris 2.X boxes.  The spiraling out should in
fact be CLOCKWISE.  An anticlockwise movement will give a shell running
as user nobody, rather than as uid 0!

Top left is however important, so that we have 0,0 stored in cred->uid
and cred->gid.  Due to the nature of the mouse driver, an anticlockwise
movement would spiral the uid/gid pair to the largest uid available on
the system, which under normal conditions would be user nobody.

Cheers,

Neil

-- 
Let the Mystery Be, So Watcha Want, Longing In Their Hearts, Hate My Way,
M-Bike, Safari, Uncle June and Aunt Kiyoti, Daisy Dead Petals, Tuff Gnarl.

     ...like a badger with an afro throwing sparklers at the Pope...
Previous By Date Next
Previous By Thread Next

Current thread: