Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

Neil Readwin (nreadwin@london.micrognosis.com)
Tue, 15 Aug 1995 21:58:33 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael Dilger: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
Previous message: Adam Prato: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
In reply to: Michael Dilger: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
Next in thread: Dan Cross: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"

Michael Dilger writes:
> I tried this attack on /usr/bin/ps and /usr/ucb/ps, and it works on
> both of them.  This makes me think that more than just solaris 2.x
> machines are vulnerable (depending on the /tmp sticky bit).

Many things depend on the /tmp sticky bit, ps was just a convenient
way to get root. crontab can be attacked to overwrite anyone's cron
file when they run 'crontab -e' (Scott, if you think it's worth
posting the code for this let me know) and any of the other things that
stash files in /tmp can be attacked. Neil.
--
 nreadwin@micrognosis.co.uk       Phone: +1 908 855 1221 x519
 Anything is a cause for sorrow that my mind or body has made

Next message: Michael Dilger: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
Previous message: Adam Prato: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
In reply to: Michael Dilger: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
Next in thread: Dan Cross: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"