Text File | 1998-07-17 | 833b | 17 lines
Solaris 2.5 x86 aspppd (semi-exploitable-hole)
Although initially, when I first saw this hole, I thought "no one is really
vulnerable", after seeing how badly aspppd handled my modem line
getting dropped (Solaris doesn't down the interface, so you have to either
restart aspppd, or do it manually), I figured some people running scripts
that restart aspppd might be.

It's relatively simple: in /tmp/ lies .asppp.fifo, which is world r/w. If
aspppd isn't running, you simply ln -s /.rhosts /tmp/.asppp.fifo; when root
executes aspppd, /.rhosts is opened r/w as a fifo, and the second aspppd
dies, /.rhosts becomes a normal file, world r/w.

aspppd isn't setuid, so it must be run by root and later killed for any of
this to work. Not likely, but if you're like me and have a small script to
keep up your link (not anymore), you're probably vulnerable.
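
The hole comes from a root daemon opening a predictable name in world-writable
/tmp without checking what already sits there. As an added example (not part of
the original advisory and not aspppd's code), one way a daemon can create and
open such a FIFO without following a planted symlink, assuming a POSIX.1-2008
system; the function name open_private_fifo and the demo paths are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create/open a daemon FIFO in a shared directory such as /tmp without
 * following a symlink planted at that name. Returns an fd, or -1. */
int open_private_fifo(const char *path)
{
    struct stat lst, fst;
    int fd;
    /* mkfifo() does not follow a symlink at the final component; if any
     * name already exists there it fails with EEXIST. */
    if (mkfifo(path, 0600) != 0 && errno != EEXIST)
        return -1;
    /* lstat() inspects the name itself: it must be a FIFO we own. */
    if (lstat(path, &lst) != 0 || !S_ISFIFO(lst.st_mode) ||
        lst.st_uid != geteuid())
        return -1;
    /* O_NOFOLLOW covers a swap between lstat() and open(). O_RDWR on a
     * FIFO is unspecified by POSIX; Linux accepts it. */
    fd = open(path, O_RDWR | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* Re-check the opened object and tighten the mode through the fd. */
    if (fstat(fd, &fst) != 0 || !S_ISFIFO(fst.st_mode) ||
        fst.st_dev != lst.st_dev || fst.st_ino != lst.st_ino ||
        fchmod(fd, 0600) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Constructed demo: a symlink already sits where the FIFO should go. */
    char dir[] = "/tmp/fifo_demo_XXXXXX", name[64], target[64];
    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(name, sizeof name, "%s/.demo.fifo", dir);
    if (symlink(target, name) != 0)
        return 1;
    printf("planted symlink: fd=%d\n", open_private_fifo(name));
    return access(target, F_OK) == 0; /* nonzero exit if victim was created */
}
```

Keeping the FIFO in a directory only root can write to removes the problem at
its source; the checks above are for when a shared directory cannot be avoided.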