Date: Mon, 4 Jan 1999 02:33:46 -0800
From: "Jan B. Koum" <jkb@BEST.COM>
To: BUGTRAQ@netspace.org
Subject: January SysAdmin EY script DoS bug.
/* Warning! Lame bug report ahead. */
/* This is nothing against EY. They are a good company. This
is against people who claim to be security experts and can't
write a secure script. */
Lets make it short. SysAdmin (www.samag.com - btw, their
DNS is brocken. Isn't it ironic that they can't get their
own systems running, yet they teach others how) magazine
published a script in Jan 1999 issue which, after you
run it as root, tells you stuff about your system. Here
are some parts of this script:
set HOSTNAME=`hostname`
set basedir=/tmp/eyscan
set OUTPUT=?{basedir}/ey-?{HOSTNAME}.out
After that, output like 'ls -l /etc/passwd' is sent to
$OUTFILE.
So you know that your admin runs lame scripts as root
and what do you do? Hmm.. gee..
% mkdir /tmp/eyscan
% ln -s /etc/passwd /tmp/eyscan/ey-`hostname`.out
After an admin runs the script - he is toasted. A points
to this story kids:
o set basedir=/root or /var/run ..
-- Yan
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
