Bugtraq mailing list archives
Sequent/DYNIX Security Hole
From: ratlifc () indikos ctron com (Christian A. Ratliff)
Date: Fri, 10 Jun 1994 09:56:16 -0400
Under Sequent DYNIX/ptx 2.x there is a security hole in the telnet command that will allow any user on the system to overwrite any file. Using the command will overwrite any file in any filesystem with a zero-length root-owned file. To exploit this bug try:

    /usr/bin/telnet -n filename hostname

The fix for this bug is simply to remove the setuid bit from the telnet executable. To patch this bug try:

    chmod u-s /usr/bin/telnet

Sequent was already aware of this bug when I reported it last night. While it is fixed in the next major release of their TCP/IP package, no alert was ever sent out to customers.

christian

-----------
Christian Ratliff                         Cabletron Systems, Inc.
Sales Programmer/Analyst                  Rochester, NH 03867
ratlifc () ctron com <NeXTmail OK>        Work: (603) 337-1209
"I'm a NeXTSTEP man; I'm an SGI guy."     Home: (207) 780-NeXT
Nobody at Cabletron knows, approves of, or recalls my opinions.
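An added example, not part of the original post: a POSIX shell audit that checks whether the mitigation above (removing the setuid bit) is in place for /usr/bin/telnet or any other binary passed to it, and applies and verifies the fix. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the mitigation
# "chmod u-s /usr/bin/telnet" is in place and report binaries that are
# still setuid. All function names here are hypothetical.

# Print the numeric owner uid of a file (third field of "ls -ldn").
owner_uid() {
    ls -ldn -- "$1" | awk '{ print $3 }'
}

# Classify one path: "missing", "setuid-root", "setuid-other" or "ok".
setuid_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -u "$1" ]; then
        if [ "$(owner_uid "$1")" = 0 ]; then
            echo setuid-root      # runs with root's effective uid
        else
            echo setuid-other
        fi
    else
        echo ok
    fi
}

# Audit every path given; return non-zero if any of them is still setuid.
audit_setuid() {
    rc=0
    for f in "$@"; do
        state=$(setuid_state "$f")
        printf '%-12s %s\n' "$state" "$f"
        case $state in setuid-*) rc=1 ;; esac
    done
    return "$rc"
}

# Apply the fix from the post to one path and verify that it took effect.
strip_setuid() {
    chmod u-s -- "$1" && [ ! -u "$1" ]
}

# When run as a script, audit the paths given as arguments,
# e.g.: sh audit.sh /usr/bin/telnet
if [ "$#" -gt 0 ]; then
    audit_setuid "$@"
fi
```

A non-zero exit status from `audit_setuid` means at least one listed binary still carries the setuid bit, which makes the function usable in a periodic check that catches the bit being restored by a reinstall.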