Re: spying (deleted) file entries in other users' directories

From: D.C. van Moolenbroek (xanadu@chello.nl)
Date: 06/24/02


From: "D.C. van Moolenbroek" <xanadu@chello.nl>
To: "FozZy" <fozzy@dmpfrance.com>
Date: Mon, 24 Jun 2002 11:47:16 +0200

Hi there,

> I saw this for the first time 3 years ago on a SunOS system while doing
> "cat /root" as a user. I don't know if current Sun systems are patched or
> not.

Solaris 8 is vulnerable at least, the scenario you attached works on Solaris
8 exactly the same way...don't know about Solaris 9. On a side note, IRIX is
not vulnerable.

$ uname -svr
SunOS 5.8 Generic_108528-14

Note that on my system, reading doesn't work on /tmp ("input error: Invalid
argument"); it seems to work on all other directories though. Generally I
suppose it's a bad idea to put something sensitive in a filename, but what
do the other bytes represent, that show up in the hexdump?

-David

--
class sig{static void main(String[]s){for// D.C. van Moolenbroek
(int _=0;19>_;System.out.print((char)(52^// (CS student, VU, NL)
"Y`KbddaZ}`P#KJ#caBG".charAt(_++)-9)));}}// -Java sigs look bad-


