|
|
lug-bg: Fwd: QNX FIle Read Vulnerability
- Subject: lug-bg: Fwd: QNX FIle Read Vulnerability
- From: firedust@xxxxxxx (Stanislav Lechev)
- Date: Mon, 23 Apr 2001 12:40:18 +0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
qnx-a samo na fat li se installwa ?
nqkoj da go e slagal ?
- ---------- Forwarded Message ----------
Subject: QNX FIle Read Vulnerability
Date: Sat, 21 Apr 2001 03:59:32 -0400
From: teknophreak <killbill1@xxxxxxxx>
To: VULN-DEV@xxxxxxxxxxxxxxxxx
QNX 2.4 FILE READ VULNERBILITY
- ------------------------------------------
BY: Teknophreak (klllbill1@xxxxxxxx)
QNX 2.4 is a mini-linux based Operating System which can be downloaded for
free at www.qnx.com. QNX 2.4 is made to install on a FAT partition. A
vulnerabilty exist which allows you to read any file on the system.
example:
$ more /etc/shadow
Permission Denied
if you try to view a file which you don't have read access to, DUH! you wont
be able to read it.
Well, If you find out where the FAT filesystem is mounted usually /fs-dos
then you can do this.
$ more /fs-dos/linux/etc/shadow
then....
booyah!
you can read a file you won't be able to read under normal circumstances.
- -------------------------------------------------------
- --
- -===============================================================-
- - Regards, AngelFire -
- - Stanislav Lechev <firedust@xxxxxxx> -
- - PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc -
- -===============================================================-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE64/iD8RPXBhiMqewRAm6aAJ0Zw3GZrgZZ1S1/CM4WEKh55d+5FwCggQrx
+1opOdKOjNXazW1uDHtnNDo=
=ZkgL
-----END PGP SIGNATURE-----
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
|
|
|