Bugtraq mailing list archives
Re: IRIX 5.2 Security Advisory
From: de5 () de5 CTD ORNL GOV (Dave Sill)
Date: Tue, 9 Aug 1994 11:03:04 -0400
Steve Kotsopoulos wrote:
: There is no way to know if someone has exploited the bug. It's such : a quiet little hole that it doesn't leave a mark anywhere. You don't : even have to logon to exploit it. That's how bad it is.
Wait a minute, they said the bug could be exploited without logging in? The original notice said: ]A potential vulnerability has been discovered in the IRIX 5.2 operating ]system which would enable an unprivileged user to become an active ]root user. ~~~~ So which is it? Also, here's one I tried to send out while bugtraq was on hiatus. /usr/sbin/colorview is setuid root and can be used to read any file on the system (e.g., /etc/shadow) with the "-text" option. Affects IRIX 5.2 at least. -Dave
Current thread:
- IRIX 5.2 Security Advisory Steve Kotsopoulos (Aug 09)
- Re: IRIX 5.2 Security Advisory Dave Sill (Aug 09)
- Re: IRIX 5.2 Security Advisory max () gac edu (Aug 09)
- Re: IRIX 5.2 Security Advisory Marc W. Mengel (Aug 09)
- <Possible follow-ups>
- Re: IRIX 5.2 Security Advisory Jim Littlefield (Aug 09)
- Re: IRIX 5.2 Security Advisory Karyn Pichnarczyk (Aug 09)
- Re: IRIX 5.2 Security Advisory Perry E. Metzger (Aug 10)
- Re: IRIX 5.2 Security Advisory Bob Vickers (Aug 10)