
Re: [LI] root access from old sendmail boxes



On Tue, 18 Jan 2000, Sathya Rangaswamy wrote:

> > Make hard link of /etc/passwd to /var/tmp/dead.letter
> 
> Now why would I want to do that?  I do understand the sendmail bug.
> But if a hacker can get in and create the link why even bother
> linking, might as well edit it or am I missing something?

Yep, you did. 

You can create the link to the passwd file as an ordinary user, but cannot
write to it. With this crack, you can. So all you need is a normal user
login, which is fairly easy on systems where people change their passwords
once in a century (usually from PASSWORD1 to PASSWORD2). Once you apply
the crack Suresh described, you get root access.

Atul
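
An added example, not part of the original thread: a defender-side check for the condition described above, an entry in a world-writable directory that shares an inode with a protected file such as /etc/passwd. The function name and the demo directory layout are assumptions made for illustration; the demo builds a constructed stand-in tree under a temporary directory rather than touching the real /etc.

```python
import os
import stat
import tempfile


def find_hardlinks_to(scan_dir, protected_paths):
    """Return sorted (entry, protected_file) pairs where an entry under
    scan_dir is a hard link to (same device and inode as) a protected file."""
    targets = {}
    for p in protected_paths:
        try:
            st = os.lstat(p)
        except OSError:
            continue  # protected file absent on this host
        if stat.S_ISREG(st.st_mode):
            targets[(st.st_dev, st.st_ino)] = os.path.abspath(p)
    hits = []
    for root, _dirs, files in os.walk(scan_dir):
        for name in files:
            path = os.path.abspath(os.path.join(root, name))
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished while scanning
            # Only regular files with more than one name can be hard links.
            if not stat.S_ISREG(st.st_mode) or st.st_nlink < 2:
                continue
            target = targets.get((st.st_dev, st.st_ino))
            if target is not None and target != path:
                hits.append((path, target))
    return sorted(hits)


def demo():
    """Constructed layout: base/etc/passwd hard-linked as base/var_tmp/dead.letter."""
    with tempfile.TemporaryDirectory() as base:
        etc = os.path.join(base, "etc")
        tmp = os.path.join(base, "var_tmp")
        os.mkdir(etc)
        os.mkdir(tmp)
        passwd = os.path.join(etc, "passwd")
        with open(passwd, "w") as f:
            f.write("root:x:0:0::/root:/bin/sh\n")  # constructed sample line
        os.link(passwd, os.path.join(tmp, "dead.letter"))
        with open(os.path.join(tmp, "notes.txt"), "w") as f:
            f.write("unrelated file\n")
        base = os.path.realpath(base)
        hits = find_hardlinks_to(tmp, [passwd])
        return [(os.path.relpath(os.path.realpath(a), base),
                 os.path.relpath(os.path.realpath(b), base)) for a, b in hits]


if __name__ == "__main__":
    print(demo())
```

On a real host the call would be `find_hardlinks_to("/var/tmp", ["/etc/passwd", "/etc/shadow"])`. On current Linux kernels the `fs.protected_hardlinks` sysctl prevents an ordinary user from creating such a link in the first place.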

