Martin Schulze wrote:
Rogier Wolff wrote:
Martin Schulze wrote:
This was not intentional by the author, he tried to use tempfile(1) to
create the temporary filename. However, due to a thinko, the name was
hardcoded into the script.
[...]
+#NNTPactive=\`tempfile -p active\`
This apparently works on NT 4.0 sp5 and IE 5.00.2014.0216IC as well..
Micheal Patterson
[EMAIL PROTECTED]
- Original Message -
From: Georgi Guninski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, August 21, 1999 11:17 AM
Subject: IE 5.0 allows executing programs
Disclaimer:
The password is also LOGGED when the web based administration tool is
used. It can be obtained by simply grep'ing the logfile output. The
offending line is here:
08/20/99@06:11:41 [http:1 my.computer.com]
REQ:"/admin.cgi?pass=joltcolamode=viewlog" (Mozilla/4.0 (compatible; MSIE
5.0; Windows
Also sprach Alan Cox:
[blah blah]
[Linux opens files with real not effective UID]
The problem with telnetd is that you can pass a terminal name that indicates
'use a local file'. Now the ncurses library then goes 'ok leading slash
all well and good', I'm not suid uid==euid, let's open it as
aleph, this may be of interest
--
From: Sean MacGuire[SMTP:[EMAIL PROTECTED]]
Sent: Sunday, August 22, 1999 6:50:02 PM
To: [EMAIL PROTECTED]
Subject: Re: {bb} Notes Test Confirmed! (It kills the server)
Auto forwarded by a Rule
Someone posted info that
Hi, since bugtraq is a full-disclosure list, let's
help the script kiddies a bit and scare the sysadms a little bit more...
To make the smashcap.c work, all you have to do is remove one
0xff character before /bin/sh in the shellcode
so the line would be:
"\x80\xe8\xdc\xff\xff\xff/bin/sh"
Rogier Wolff wrote:
Martin Schulze wrote:
This was not intentional by the author, he tried to use tempfile(1) to
create the temporary filename. However, due to a thinko, the name was
hardcoded into the script.
[...]
+#NNTPactive=\`tempfile -p active\` #"/tmp/active.\$\$"
So now
Martin Schulze wrote:
Rogier Wolff wrote:
This was not intentional by the author, he tried to use tempfile(1) to
create the temporary filename. However, due to a thinko, the name was
hardcoded into the script.
[...]
+#NNTPactive=\`tempfile -p active\`
First of all, something less or more personal - sorry to all secure@...pl
people for this post. I'm really angry, as this stuff became well-known
without my knowledge... so, only a few of my own observations, always
trying to respect others' intellectual property.
All the best goes to el- :P