[Full-Disclosure] Security hole in Confixx backup script
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Tue Aug 10 19:02:19 BST 2004
On Tue, 10 Aug 2004 17:16:43 +0200, Thomas Loch said:
> What would I have to do then? (excuse my lack of knowledge, please)
'man cp' and 'man chmod'. Given cp and chmod and initial access to the
ability to run commands as a suitable user, a set-UID bash is achievable...
(Note that you end up with a bash set-UID to the userid you do it under - that DOES
matter...)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040810/a8e557d8/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.