Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Wolfgang Ley: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
• Previous message: Neil Readwin: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
• Maybe in reply to: Scott Chasin: "BUGTRAQ ALERT: Solaris 2.x vulnerability"
• Next in thread: Adam Prato: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"

-----BEGIN PGP SIGNED MESSAGE-----

Content-Type: text/plain; charset=us-ascii


> B U G T R A Q   A L E R T                           bugtraq-alert-081495.01
> [...]
> Scott Chasin
> chasin@crimelab.com

Good job Scott.

I tried this attack on /usr/bin/ps and /usr/ucb/ps, and it works on
both of them.  This makes me think that more than just solaris 2.x
machines are vulnerable (depending on the /tmp sticky bit).

- --
Michael Dilger
Michael.Dilger@Sun.COM
ENS, Network Security Group
Sun Microsystems, Inc.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMDDSWTY+1VQoRvQxAQETkgQAifsbHZkIfZcyYbJjvbiGRe8hS5eV7ptB
MP5UkEGqDztosq7j/fMcOpOjuQBEKHJpplQK2c+CqsYj/nkqRhHsq1GWDjqw7uFJ
sIdZ/JOlQ8NwYl0wQQWDTk3YwT05H7E3xwyQE9vpEwOBc1tSr2k4r2HkZDPaOsow
KKv5/Aj8d2g=
=0rcK
-----END PGP SIGNATURE-----

• Next message: Wolfgang Ley: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
• Previous message: Neil Readwin: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
• Maybe in reply to: Scott Chasin: "BUGTRAQ ALERT: Solaris 2.x vulnerability"
• Next in thread: Adam Prato: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"