this kid spent many hard hours reading man pages looking for 0day, gives it
to us along with hello world python networking code ( that is incapable of
parsing replies so any unintended behaviour causes exit), and you are going
to bash it? You are probably just jealous you do not have the
No, the idea is that you are a user with no login access, only FTP.
By doing this, you get shell access (with sane privileges, thankfully) when
you're supposed to only have FTP.
On Dec 13, 2007 2:34 PM, Fredrick Diggle [EMAIL PROTECTED] wrote:
You have write perms on a users home directory and
And why not replace .profile in that home directory and await the next
login?
This exploit is pretty basic and in fact write access to a ~ through FTP
could be used in many ways to exploit the machine.
I see no real issue here...
On 12/14/07, Adam N [EMAIL PROTECTED] wrote:
No, the idea is
On Fri, 14 Dec 2007 13:52:33 CST, Adam N said:
No, the idea is that you are a user with no login access, only FTP.
By doing this, you get shell access (with sane privileges, thankfully) when
you're supposed to only have FTP.
And this is why, for at least 2 decades, it's been recommended that
Small Design Bug in Postfix - REMOTE
There's a small issue on how Postfix forwards mails.
A user can have a .forward file in her home directory.
Inside this file she can specifiy an alternative recipient
or use aliasing to execute commands when mail is received.
From the manpage ALIASES(5)
You have write perms on a users home directory and this was the best way you
could come up with to execute commands? Please send me details on your
recipe for boiled water. Be sure to gzip it though as I imagine it is
several pages long.
YAY!
On Dec 13, 2007 2:18 PM, kcope [EMAIL PROTECTED]
Look this also seems to work on sendmail. Not verified tough.
--
GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS.
Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail
___
Full-Disclosure - We believe in it.
Charter:
Confirmed Macosx is not vulnerable to this.
just1n
--
Surprise - in internet it is everytime!
Mac OS X Evangelist
--
___
Get a free @hellokitty.com, @mymelody.com, or @kuririnmail.com email account
today at www.sanriotown.com, and enjoy 500MB
On Thu, 2007-12-13 at 21:18 +0100, kcope wrote:
Put .forward file with following contents into the home directory of
user 'rootkey'.
Why not just put /tmp/XXX instead and bypass the extra bit about the
MTA?
-Jim P.
___
Full-Disclosure - We believe
