Bugtraq mailing list archives

Re: digital unix 4.0 hole

From: emmanuel () SIAMRELAY COM (Emmanuel Gadaix)
Date: Sat, 15 Nov 1997 12:59:20 +0700

I've verified this on 3 boxes running Digital unix 4.0..

Now, this core dump will follow symlinks.. and using the trick mentioned
earlier with embedding + + in a core dump, you can easily grab root.


Verified on 3.2 with dbx 3.11.8 but it dumps core as user, not as root.
Won't overwrite files and won't write in a directory where user doesn't
have permissions.

PS
As Tom Leffingwell <tom () SBA MIAMI EDU> said yesterday :
: DU doesn't allow +'s in /.rhosts, at least under C2, and I think so in
: general.  It doesn't seem to work even if you specify a user, either.

Current thread:

Re: digital unix 4.0 hole Johan Danielsson (Nov 14)
- <Possible follow-ups>
- Re: digital unix 4.0 hole Emmanuel Gadaix (Nov 14)
  - Re: digital unix 4.0 hole John McDonald (Nov 15)
- Re: digital unix 4.0 hole Paul Szabo (Nov 20)