Re: SunOS exploit.

Austin Schutz (tex@COLLEGENET.COM)
Mon, 19 May 1997 12:45:43 -0700

On Mon, 19 May 1997, Christopher X. Candreva wrote:

> On Sun, 18 May 1997, Trevor Linton wrote:
>
> > On sunos, if you execute a clean bash shell then type, export USER="root"
> > then USER=$LOGNAME, then execute chsh root or chfn root you can change
> > the root information.
>
> I was unable to duplicate this on SunOS 4.1.3, using bash 2.00.0(1)
> /usr/bin/passwd (which chsh and chfn are links to) however are not
> original, so possibly some security patch fixed this already.
>
I was able to duplicate this on a pretty vanilla 4.1.3 setup.

bash$ uname -a
SunOS elbereth 4.1.3_U1 2 sun4c
bash$

Tex