Solaris 2.x vunerability

Scott Chasin (chasin@CRIMELAB.COM)
Mon, 14 Aug 1995 12:39:11 MDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Scott Chasin: "BUGTRAQ ALERT: Solaris 2.x vulnerability"
Previous message: Paul Phillips: "cgi-bin security"

A major hold has been found on Solaris 2.x which will allow
anyone with a user account to gain root access.

I will be sending the exploit code to you in a few hours from now.

The bug exploits a common vunerability that can be fixed with
an easy workaround: chmod +t /tmp

My suggestion to you is that you check all machines running Solaris 2.x
to see if the /tmp directory has the sticky bit set.

GOOD:  drwxrwxrwt   3 root     root         877 Aug 14 12:43 /tmp
EVIL:  drwxrwxrwx   3 root     root         877 Aug 14 12:43 /tmp


If you have any questions at all, please Email me.

Scott Chasin
chasin@crimelab.com

Next message: Scott Chasin: "BUGTRAQ ALERT: Solaris 2.x vulnerability"
Previous message: Paul Phillips: "cgi-bin security"