Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

Ian MacPhedran (Ian_MacPhedran@dvinci.usask.ca)
Wed, 20 Sep 1995 18:25:14 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Brad Powell: "Re: load.root (loadmodule hole)"
Previous message: Karl Strickland: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
In reply to: Goetz von Escher: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
Next in thread: Casper Dik: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"

On Tue, 19 Sep 1995, Goetz von Escher wrote:

> On Sep 19,  4:33pm, Sten Gunterberg wrote:
> >
> > There's no patch yet, but Sun is apparently working on one. The Bug-IDs
> > are 1219835 for Solaris 1.x (SunOS 4.x) and 1220257 for Solaris 2.x.
> > Try to give those to local Sun support and see what happens :-)
>
> Solaris 2.x ??? - I thought this is a BSD problem? Are you telling
> me that *all* my Solaris boxes are vulnerable too?

As well as those from other vendors. This is not strictly a Sun problem.

> Also local Sun support told me that the patch for Bug 1219835 has been
> integrated into SunOS 4.1.4 and there probably won't be a patch for
> older versions! Here's the bug info they sent me:
>
>  Bug Id:     1219835
>  Product:  sunos
>  Category:  utility
>  Subcategory:  other
>  Release summary: 4.1.3, 4.1.4, 4.1.3_U1, 4.1
>  Bug/Rfe:  bug
>  State:  integrated

Here's the latest header on that bug report:
 Bug Id:     1219835
 Category:  utility
 Subcategory:  other
 State:  fixed
 Release summary: 4.1.3_U1, 4.1.4, 4.1.3, no-v4, 4.1, 5.4, 5.3
 Synopsis:  Syslog(3) can be abused to gain root access on 4.X systems
        Integrated in releases:
 Patch id:
Description:

Note that there are _NO_ entries for "integrated in releases" nor "patch
id".

> But now I'm really getting confused when I read the mail by Andy Cowley
> who said:
>
> On Sep 19,  4:17pm, andy@btc.uwe.ac.uk wrote:
> > > -  Is Sun working on a patch?
> > ...
> > patches are available to existing fault call owners. If the problem
> > is severe for you persuade Sun to send them. They are :-
> >
> >         4.1.3_U1 domestic libc          = T101759-04
> >         4.1.3_U1 international libc     = T101558-07
> >         4.1.4 domestic libc             = T102544-03
> >         4.1.4 international libc        = T102545-03
> >
> > These are betas and Sun will expect testing and a report.
>
> So why would there be a test patch for SunOS 4.1.4 if it was fixed
> in that release? I guess one of you guys is wrong.

Your local Sun person was probably wrong. Have them recheck their
information. Note that there is mention of a patch (100909) in bug report
1219835 which is thought to have fixed this which would have been
included in 4.1.3_U1, and 4.1.4. However, it appears that this may not be
the case.

Ian.
----------------------------------------------------------------------------
Ian MacPhedran,    Engineering Computer Centre,   2B13 Engineering Building,
University of Saskatchewan,  57 Campus Drive,  Saskatoon SK  S7N 5A9, CANADA
Phone: (306)966-4832 Fax: (306)966-5205  Email: Ian_MacPhedran@engr.USask.CA

Next message: Brad Powell: "Re: load.root (loadmodule hole)"
Previous message: Karl Strickland: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
In reply to: Goetz von Escher: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
Next in thread: Casper Dik: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"