Re: Solaris 2.3-2.4 Audit Bug

John D'Agostino (dagostin@killerbee.jsc.nasa.gov)
Mon, 13 Feb 1995 09:31:44 -0600

At 05:45 PM 2/12/95, Christopher Klaus wrote:
>> 
>> I'm sorry if this has been discussed before.
>> 
>> There is a major security problem with auditing under Solaris 2.3
>> and 2.4.  If you run bsmconv to turn on auditing, any user can
>> break root very very easily.  I'd say more but I'd like to give
>> sun at least a little bit of a chance to fix it first.
>> 
>> I have access to the source code for the os and have tracked down
>> the one line of bad code.  How can I contact Sun to tell them the
>> problem with this line of code?????????????
>
>Send email to info@iss.net with the following in the body of the message:
>
>send vendor for faq
>
>This will send you the FAQ for various vendors to get in touch with.
>
>You can also email Sun at security-alert@sun.com and I am sure Mark Graff
>can help you.
>
>Chris
>
>-- 
Hey Chris, 
Is this going to be in our class as well? Also, has John gotten you the info 
about the net address ranges yet?
  =====================================================
/            I am a peripheral visionary...             \
|          I can sort of see the future ok...           |
|             It's just off to the side                 |
|=======================================================|
|      NASA MOD AIS Security Engineering Team           |
|                      --==8==--                        |
|      dagostin@killerbee.jsc.nasa.gov  (713)-282-3717) |
\_________________________________ FAX: (713)-282-4922  /