Re: Solaris 2.4 bugs...

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Pete Hartman: "Solaris 2.4 Bugs"
• Previous message: Robert Lau: "Re: Solaris 2.4 bugs..."
• Maybe in reply to: Philippe Langlois: "Solaris 2.4 bugs..."
• Next in thread: Casper Dik: "Re: Solaris 2.4 bugs..."

>> Does anybody have information about the Solaris 2.4 bug fixed in the
>> patch Patch-ID# 102044-01 :
>> SunOS 5.4: bug in mouse code makes "break root" attack possible
> The bug was in Solaris 2.3 and yes it was the mouse driver.
> I'm still mulling over the propriety of posting the 3 line C program
> that expliots this hole and gives any user root.

Personally, I'd advise against posting it - but some description of the
bug would be appreciated.  (Does some ioctl not check its arguments
sufficiently stringently, for example?)  Or if you don't understand it
and don't want to go to the trouble to figure it out, I'm sure someone
with a Solaris 2.3 system would volunteer to do so.  I'd volunteer
myself except that I don't have access to any such system.

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu

• Next message: Pete Hartman: "Solaris 2.4 Bugs"
• Previous message: Robert Lau: "Re: Solaris 2.4 bugs..."
• Maybe in reply to: Philippe Langlois: "Solaris 2.4 bugs..."
• Next in thread: Casper Dik: "Re: Solaris 2.4 bugs..."