A major hold has been found on Solaris 2.x which will allow anyone with a user account to gain root access. I will be sending the exploit code to you in a few hours from now. The bug exploits a common vunerability that can be fixed with an easy workaround: chmod +t /tmp My suggestion to you is that you check all machines running Solaris 2.x to see if the /tmp directory has the sticky bit set. GOOD: drwxrwxrwt 3 root root 877 Aug 14 12:43 /tmp EVIL: drwxrwxrwx 3 root root 877 Aug 14 12:43 /tmp If you have any questions at all, please Email me. Scott Chasin chasin@crimelab.com