
Re: Sorry!! (was: Re: [cobalt-security] Is this a known bug?)



Except, you might have something like PHP3/4 installed, which gives users
access to 'system()'.  Hax0r uploads script mentioned on bugtraq, modifies
it SLIGHTLY to make it perform a command rather than dropping to a
rootshell, uploads bash script, makes exploit.php which calls the script.

Kiddies work, and perfectly possible.

Oh, and then there's the old one of Cobalt allowing users to execute
programs in SSI by default...  (see texts available online about using SSI
to compile bindshell.c on the system and executing it).

Regards.

On Mon, 24 Jul 2000, Jeff Lasman wrote:

> Florian Effenberger wrote:
> 
> > > The best way to solve this one is not to allow local users.
> > Sorry, but what do you mean by that?
> 
> This exploit can only be done by someone logged into your server through
> telnet/ssh.
> 
> We just don't give our users that privilege.
> 
> Jeff
> 

-- 
gossi@xxxxxxxxxxxxxxx
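
Added example, not part of the original message: a small audit for the two settings the reply names, SSI program execution and PHP's `system()`, which leave command execution open to users who have no telnet/ssh login. It assumes Apache-style `Options` directives and a `php.ini` that supports `disable_functions`; the sample configs and paths are constructed.

```python
import re

# PHP functions that run OS commands; system() is the one named in the thread.
PHP_EXEC_FUNCS = {"system", "exec", "passthru", "shell_exec", "popen", "proc_open"}

def audit_apache(conf_text):
    """Return (line_no, directive) for each Options line that permits SSI exec."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(?i)options\s+(.*)", line)
        if not m:
            continue
        # Ignore options switched off with a leading "-".
        opts = {o.lstrip("+").lower() for o in m.group(1).split()
                if not o.startswith("-")}
        # "Includes" (also implied by "All") allows <!--#exec -->;
        # "IncludesNOEXEC" keeps SSI but blocks program execution.
        if "includes" in opts or "all" in opts:
            findings.append((no, line))
    return findings

def audit_php(ini_text):
    """Return the command-execution functions php.ini leaves enabled."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        m = re.match(r"(?i)disable_functions\s*=\s*(.*)", line)
        if m:
            disabled = {f.strip().strip('"').lower()
                        for f in m.group(1).split(",") if f.strip()}
    return sorted(PHP_EXEC_FUNCS - disabled)

# Constructed sample input (hypothetical paths, not taken from a real server).
SAMPLE_HTTPD = """\
<Directory /home/sites>
    Options Indexes Includes FollowSymLinks
</Directory>
<Directory /home/sites/example>
    Options Indexes IncludesNOEXEC
</Directory>
"""
SAMPLE_PHP_INI = """\
; constructed sample
disable_functions = exec,passthru
"""

if __name__ == "__main__":
    for no, directive in audit_apache(SAMPLE_HTTPD):
        print(f"httpd.conf:{no}: SSI exec allowed by '{directive}'")
    print("PHP command functions still enabled:", audit_php(SAMPLE_PHP_INI))
```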