Pantek Library

Re: Red Hat 9: free tickets

From: Jon Hart <warchild(at)spoofed.org>
Date: Fri Jul 11 2003 - 13:48:07 EDT

On Sun, Jul 06, 2003 at 12:30:34PM -0700, Stephen Samuel wrote:
> The way it works is:

Actually, I'm not sure this is entirely true. Well, it is, but there is another important condition that must be met for this (or similar) attacks to work properly -- /var/run/sudo/$USER/ must exist. This means that the user must have previously sudo'd at least once and /var/run/sudo/$USER/ will have been created.

I'm sure there are ways to work around this, but in my experiments, /var/run/sudo/$USER/ must exist if you hope to exploit something like this with the predictable file name creation + symlink trick.

-jon

Received on Fri Jul 11 19:55:30 2003
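The "predictable file name creation + symlink trick" named in the message above is stopped on the creating side by refusing to open a name that already exists. The C program below is an added example, not part of the original post and not sudo's code; the names `ticket` and `victim` and the private temp directory are constructed for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: O_CREAT alone follows a symlink found at the final path component. */
int create_weak(int dirfd, const char *name) {
    return openat(dirfd, name, O_WRONLY | O_CREAT, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if anything, even a dangling symlink,
 * already holds the name; O_NOFOLLOW is kept as defence in depth. */
int create_hardened(int dirfd, const char *name) {
    return openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: "ticket" is a pre-planted symlink to the absent "victim".
 * Result bits: 1 = hardened create refused, 2 = victim untouched afterwards,
 * 4 = weak create followed the link and created victim. Returns -1 on setup error. */
int demo(void) {
    char tmpl[] = "/tmp/symdemoXXXXXX";
    struct stat st;
    int result = 0, fd, d;

    if (!mkdtemp(tmpl)) return -1;
    if ((d = open(tmpl, O_RDONLY | O_DIRECTORY)) < 0) return -1;
    if (symlinkat("victim", d, "ticket") != 0) return -1;

    fd = create_hardened(d, "ticket");
    if (fd < 0 && errno == EEXIST) result |= 1;
    if (fd >= 0) close(fd);
    if (fstatat(d, "victim", &st, 0) != 0 && errno == ENOENT) result |= 2;

    fd = create_weak(d, "ticket");
    if (fd >= 0) close(fd);
    if (fstatat(d, "victim", &st, 0) == 0) result |= 4;

    unlinkat(d, "ticket", 0);
    unlinkat(d, "victim", 0);
    close(d);
    rmdir(tmpl);
    return result;
}

int main(void) { printf("result bits: %d\n", demo()); return 0; }
```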

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT

