Bugtraq mailing list archives
Re: automountd and Solaris 2.3
From: reh () cs umd edu (Richard Huddleston)
Date: Thu, 5 May 1994 11:51:52 -0400
How subtle a bug it is. I've got about 200 Solaris 2.3 systems at my place of employment and a small overworked staff of volunteers. More information tells me where I place this on my list of things to get around to. Happy? Richard * From wam () staff cc purdue edu Thu May 5 11:26:14 1994 * Received: from mimsy.cs.UMD.EDU * by bedrock.cs.UMD.EDU (8.6.5/UMIACS-0.9/04-05-88) * id LAA18945; Thu, 5 May 1994 11:26:13 -0400 * Received: from staff.cc.purdue.edu * by mimsy.cs.UMD.EDU (8.6.5/UMIACS-0.9/04-05-88) * id LAA21124; Thu, 5 May 1994 11:26:10 -0400 * Received: from despair.cc.purdue.edu by staff.cc.purdue.edu (4.1/Purdue_CC) * id AA10482; Thu, 5 May 94 10:26:00 EST * Message-Id: <9405051526.AA10482 () staff cc purdue edu> * To: reh () cs umd edu (Richard Huddleston) * Subject: Re: automountd and Solaris 2.3 * Date: Thu, 05 May 1994 10:25:17 -0500 * From: William McVey <wam () staff cc purdue edu> * Status: R * * Richard Huddleston wrote: * >The hole allows a non-root user to gain root, so the Bulletin * >says, implying that this isn't exploitable from a remote machine * >-- but there are no details, of course. * > * >Anyone have more of an idea as to how much of a threat this * >actually is? * * What exactly are you looking for? The Sun bulletin told you how * much of a threat it is ("allows a user with an unprivileged * account on a 2.3 system to gain root access") as well as how to * fix it. The bulletin also said that regular SunOS is not vulnerable, * implying that this is just a "Solaris Thing". What other information * do you need? * * - William McVey * Purdue University Computing Center * Systems Administration Group *
Current thread:
- Re: automountd and Solaris 2.3 Mark Graff (May 04)
- <Possible follow-ups>
- Re: automountd and Solaris 2.3 Richard Huddleston (May 05)
- Re: automountd and Solaris 2.3 Jim Thompson (May 05)
- Re: automountd and Solaris 2.3 William McVey (May 05)
- automountd and Solaris 2.3 Karyn Pichnarczyk (May 05)