> > > P> Did you happen to install the following, in particular 101436-02? > > P> Solaris 1.1.1 Patches Containing Security Fixes: > > P> ------------------------------------------------ > > P> 101436-02 SunOS 4.1.3_U1: bin/mail jumbo patch > > This is the patch which made the race condition *easier* to exploit > > than it was in the unpatched version. > > Yes, and after getting another copy of the exploit script, it's been > pointed out that the race condition can write to ANY file. > > Btw, does anyone know if there is a similar race condition on Solaris > 2.x? > Yes this is the case, judging from trace output I've seen. Cheers, Neil -- Bull in the Heather, Me and My Charms, The Lights, Sensual World, Go, Ritual, Handsome and Gretel, Take Me, Blue Room, Drunken Butterfly, She's Lost Control. ...like a badger with an afro throwing sparklers at the Pope...