Bugtraq mailing list archives

Re: automountd and Solaris 2.3


From: reh () cs umd edu (Richard Huddleston)
Date: Thu, 5 May 1994 11:51:52 -0400


How subtle a bug it is.  I've got about 200 Solaris 2.3 systems at
my place of employment and a small overworked staff of volunteers.

More information tells me where I place this on my list of things to
get around to.

Happy?

Richard
* From wam () staff cc purdue edu Thu May  5 11:26:14 1994
* Received: from mimsy.cs.UMD.EDU 
*       by bedrock.cs.UMD.EDU (8.6.5/UMIACS-0.9/04-05-88)
*       id LAA18945; Thu, 5 May 1994 11:26:13 -0400
* Received: from staff.cc.purdue.edu 
*       by mimsy.cs.UMD.EDU (8.6.5/UMIACS-0.9/04-05-88)
*       id LAA21124; Thu, 5 May 1994 11:26:10 -0400
* Received: from despair.cc.purdue.edu by staff.cc.purdue.edu (4.1/Purdue_CC)
*       id AA10482; Thu, 5 May 94 10:26:00 EST
* Message-Id: <9405051526.AA10482 () staff cc purdue edu>
* To: reh () cs umd edu (Richard Huddleston)
* Subject: Re: automountd and Solaris 2.3 
* Date: Thu, 05 May 1994 10:25:17 -0500
* From: William McVey <wam () staff cc purdue edu>
* Status: R
* 
* Richard Huddleston wrote:
* >The hole allows a non-root user to gain root, so the Bulletin
* >says, implying that this isn't exploitable from a remote machine
* >-- but there are no details, of course.  
* >
* >Anyone have more of an idea as to how much of a threat this
* >actually is?
* 
* What exactly are you looking for?  The Sun bulletin told you how 
* much of a threat it is ("allows a user with an unprivileged 
* account on a 2.3 system to gain root access") as well as how to
* fix it.  The bulletin also said that regular SunOS is not vulnerable,
* implying that this is just a "Solaris Thing".  What other information
* do you need?
* 
*  - William McVey
*    Purdue University Computing Center
*    Systems Administration Group
* 


