xrw bug

Summary
Description:shelling from a xrw telnet session cedes EUID 0
Author:Ess Jay
Compromise: root (local)
Vulnerable Systems:HP/UX with vulnerable xrw, probably 9.x 10.x
Date:23 May 1996
Notes:See the SOD HP Bug of the Week page
Details

Exploit: 

Msg# 223 (HP) - 05/23/96 03:34
From: Ess Jay
To: All
Subject: hole in xrw

I don't know if the bug is in rwiDCOM or what, but SOMETHING definitely has a
bug...  start up the xrw window, go to General menu, into DataComm, then
choose telnet to some valid host.. telnet will start up in the window, and
then use ^] to get to the telnet prompt and use !sh -i and you're euid root..

Boo!
More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]