> AIX has a similar hole. The DPS server can be entered by
> /usr/lpp/DPS/bin/dpsexec. Since X runs as root, you can then open and
> write to any root-owned file.
>
> I haven't bothered to write an exploit script, but I did try
> running /etc/security/passwd, and I got a root: UndefinedCommand
> error.
>
> Someone opened a bug against this inside IBM--I forget who,
> but to my knowledge, no action has been taken.
>
> --Sam

What version of AIX would this be? And, I would be very appreciative to
find out where I can get an exploit script.

Thanks,
Vatsal.

|    __o     Vatsal P. Sonecha | Advanced Integrated Solutions, Inc. |
|  _ \<,_    Monal V. Sonecha  | 3745 Greenbrier Blvd, Unit# 227-C   |
| (_)/ (_)   Ph:  313.994.5748 | Ann Arbor, MI 48105-2682            |
|~~~~~~~~~~  FAX: 313.994.5758 | United States of America            |