Re: Solaris 2.5.1 party piece

Wolfram Schmidt (Wolfram.Schmidt@IAO.FHG.DE)
Fri, 20 Jun 1997 04:10:17 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: John Robert LoVerso: "Re: Netscape Exploit SOLVED"
Previous message: Theo de Raadt: "Re: Core file anomalies under BSDi 3.0"
Maybe in reply to: Alan Cox: "Solaris 2.5.1 party piece"
Next in thread: Joe Gross: "Re: Solaris 2.5.1 party piece"

Some weeks ago I was given a test patch which fixes the problem. Lets see
how long it takes to build the final version.

-Wolfram

On Jun 19, 20:47, Alan Cox wrote:
> Subject: Solaris 2.5.1 party piece
] Well CERT have had this for a year, AUSCERT for a couple of weeks and
] now its time bugtraq had it
]
] cc solarisuck.c -o solarisuck -lsocket
] rsh localhost ./solarisuck
[...]
] You can adjust this to do other things. Basically any user can do
network control
] requests on a root created socket descriptor.
]
]
] Workarounds:
] 1. Disable rsh and any non root owned inetd tasks - breaks remote tar
etc
] 2. Run an OS that the vendor doesnt take a year to fix bugs in
]
] I have the original emails from Sun folks (Casper Dik, Alec Muffett and
co)
] to prove Sun have sat on this for ages.
]
] Alan
>-- End of excerpt from Alan Cox

--
Email: Wolfram.Schmidt@iao.fhg.de
Voice: +49 711 970 2431
Fax: +49 711 970 2401
Office: Fraunhofer IAO, Holzgartenstr. 17, 70174 Stuttgart, Germany

Next message: John Robert LoVerso: "Re: Netscape Exploit SOLVED"
Previous message: Theo de Raadt: "Re: Core file anomalies under BSDi 3.0"
Maybe in reply to: Alan Cox: "Solaris 2.5.1 party piece"
Next in thread: Joe Gross: "Re: Solaris 2.5.1 party piece"