Bugtraq mailing list archives
Re: Solaris ff.core and wsinfo commands.
From: jco () bbn com (John C. Orthoefer)
Date: Tue, 06 Dec 1994 18:34:58 -0500
I haven't seen any _obvious_ ways that these could be dangerous for security, but I'm naturally suspicious of any setuid/setgid program that crashes. Has anyone got any further info on these programs?
I sent this to James already, but forgot to cc the list. Patch 101889-01 says- Keywords: ff.core security hole Synopsis: OpenWindows 3.3: filemgr forked execuatble ff.core has a security hole. Date: Aug/30/94 Solaris Release: 2.3 SunOS Release: 5.3 Unbundled Product: OpenWindows Unbundled Release: 3.3 BugId's fixed with this patch: 1171394 Files included with this patch: /usr/openwin/bin/ff.core Problem Description: 1171394 filemgr forked execuatble ff.core has a security hole. johno - John Orthoefer | Take this out and a Unix Demon will dog your steps from <jco () bbn com> | now until the time_t's wrap around. 617-873-6188 | -- Curse from the tunefs(8) man page source
Current thread:
- letter bombs: enable-local-eval saves Emacs 19, (continued)
- letter bombs: enable-local-eval saves Emacs 19 Stephen Gildea (Dec 06)
- Re: Virus's -- This is an Emacs bomb Robert Lau (Dec 06)
- Re: Virus's -- This is an Emacs bomb Charles Howes (Dec 07)
- good times nobody () c2 org (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Jason Matthews (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Geir Inge Jensen (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Jim Littlefield (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Pat Myrto (Dec 06)
- Solaris ff.core and wsinfo commands. Bonfield James (Dec 06)
- Re: Solaris ff.core and wsinfo commands. John C. Orthoefer (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Geir Inge Jensen (Dec 06)
- Got this - not sure of authenticity. Better safe etc... Michael Covington (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Robert M. Haas (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Karyn Pichnarczyk (Dec 05)
- Re: Got this - not sure of authenticity. Better safe etc... Doug Hughes (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Richard Chycoski (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Jason Matthews (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Eric Kimminau (Dec 07)
- Re: Got this - not sure of authenticity. Better safe etc... Craig Presson (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Richard Chycoski (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Graham W. Mullier (Dec 07)