Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 10 Sep 1998 12:07:05 +0100 (BST)
From:      Jay Tribick <netadmin@fastnet.co.uk>
To:        freebsd-security@FreeBSD.ORG
Subject:   Err.. cat exploit.. (!)
Message-ID:  <Pine.BSF.3.96.980910115926.408V-100000@bofh.fast.net.uk>
next in thread | raw e-mail | index | archive | help 

Hi All..

Was just having a look in /var/log the other day and spotted
a file called sendmail.st, wondering what it was I cat'd it
and here's what it did:

bofh$ cat sendmail.st 
`ay5habf33*`ma}`)`Jj]:        Jsu-2.01$ xtermxterm
su: xtermxterm: command not found
bofh$ 

This seems quite scarey to me, couldn't someone embed 'rm -rf /'
within a text file and then, if root cats the file it nukes
their system?

Here's an 'od' dump of the file, unfortunately I don't have the
time to investigate this further:

bofh$ od sendmail.st  
0000000  130736 000001 000002 000000 177032 032616 001150 000000
0000020  000000 000000 000000 000000 000000 000000 175721 000000
0000040  000000 000000 173327 000003 000000 000000 000000 000000
0000060  000000 000000 000000 000000 000000 000000 000000 000000
*
0000200  170546 000063 000000 000000 025063 000203 000000 000000
0000220  000000 000000 000000 000000 000000 000000 000000 000000
*
0000320  000000 000000 000000 000000 000741 000000 130255 000000
0000340  000000 000000 066405 000002 000000 000000 174575 000001
0000360  000000 000000 000000 000000 000000 000000 000000 000000
*
0000460  000000 000000 000000 000000 000000 000000 007734 000000
0000500  132451 000001 000000 000000 170650 000112 000000 000000
0000520  065262 000135 000000 000000 000000 000000 000000 000000
0000540  000000 000000 000000 000000 000000 000000 000000 000000
*
0000640  000000 000000 000000 000000 000000 000000 004472 000000
0000660  000000 000000 045005 000000 000000 000000 000000 000000
0000700  000000 000000 000000 000000 000000 000000 000000 000000
*
0001140

bofh$ uname -a
FreeBSD server1.fastnet.co.uk 2.2.6-RELEASE FreeBSD 2.2.6-RELEASE #0: Mon
Jun 22 17:33:00 BST 1998
kronus@anarchy.fast.net.uk:/usr/src/sys/compile/ANARCHY  i386


Regards,

Jay Tribick <netadmin@fastnet.co.uk>
--
[| Network Admin | FastNet International | http://fast.net.uk/ |]
[| Finger netadmin@fastnet.co.uk for contact info & PGP PubKey |]
[|   +44 (0)1273 T: 677633 F: 621631 e: netadmin@fast.net.uk   |]



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980910115926.408V-100000>