Re: Security Info (root broken)

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Jake Hill: "[cklaus@shadow.net: Re: Security Info (root broken)]"
• Previous message: John Ladwig: "Re: Security Info (root broken)"
• In reply to: John Ladwig: "Re: Security Info (root broken)"
• Next in thread: Casper Dik: "Re: Security Info (root broken)"

> >>>>> On Thu, 29 Sep 1994 07:04:44 -0600 (CDT), Pug <pug@arlut.utexas.edu> said:
>     >> This was a new
>     >> install, and it lasted about 4 days.   One person heard thru the cracker
>     >> grapvine that root was broken thru /bin/mail.
>     P> Did you happen to install the following, in particular 101436-02?
>     P> Solaris 1.1.1 Patches Containing Security Fixes:
>     P> ------------------------------------------------
>     P> 101436-02   SunOS 4.1.3_U1: bin/mail jumbo patch
> This is the patch which made the race condition *easier* to exploit
> than it was in the unpatched version.

As I remember the race condition, you don't have a problem if you don't
allow the 'r' commands into your system. The race condition created a
.rhosts file for accounts that had UID 0, but no existing .rhosts file.
I can't find my copy of the exploit anymore to be certain. As well, you
had to start on the system, so it wasn't that much of an external job
anyway.

I see allowing 'r' commands into your installation as a Bad Thing anyway.

Ciao,

-- 
Richard Bainter          Mundanely     |    System Analyst        - OMG/CSD
Pug                      Generally     |    Applied Research Labs - U.Texas
          pug@arlut.utexas.edu         |    pug@bga.com
Note: The views may not reflect my employers, or even my own for that matter.

• Next message: Jake Hill: "[cklaus@shadow.net: Re: Security Info (root broken)]"
• Previous message: John Ladwig: "Re: Security Info (root broken)"
• In reply to: John Ladwig: "Re: Security Info (root broken)"
• Next in thread: Casper Dik: "Re: Security Info (root broken)"