Re: Solaris 2.x utmp hole - Notify CERT?

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Catherine Allen: "Re: Don't want to replace IDA sendmail"
• Previous message: Scott Barman: "Re: Solaris 2.x utmp hole"

>> The following is somewhat of a security hole in Solaris 2.x which
>> allows any non-root user to remove themselves from /var/adm/utmp[x]
>> files (who, w, finger, etc).
[snip]
> I tried this under Solaris 2.4 on an Intel box.  It worked.
[snip]
> Anyone think a CERT advisory should be issued for this??
I do.  Evasive maneuvers are the start to serious cracking.... the
"feature" should be removed from the OS, and an advisory is a good
way to post a red flag in Sun's to-do list

my opinion anyway.

dct

• Next message: Catherine Allen: "Re: Don't want to replace IDA sendmail"
• Previous message: Scott Barman: "Re: Solaris 2.x utmp hole"