Bugtraq mailing list archives
Re: Security Info (root broken)
From: pug () arlut utexas edu (Pug)
Date: Thu, 29 Sep 1994 07:41:03 -0600 (CDT)
On Thu, 29 Sep 1994 07:04:44 -0600 (CDT), Pug <pug () arlut utexas edu> said:>> This was a new >> install, and it lasted about 4 days. One person heard thru the cracker >> grapvine that root was broken thru /bin/mail. P> Did you happen to install the following, in particular 101436-02? P> Solaris 1.1.1 Patches Containing Security Fixes: P> ------------------------------------------------ P> 101436-02 SunOS 4.1.3_U1: bin/mail jumbo patch This is the patch which made the race condition *easier* to exploit than it was in the unpatched version.
As I remember the race condition, you don't have a problem if you don't allow the 'r' commands into your system. The race condition created a .rhosts file for accounts that had UID 0, but no existing .rhosts file. I can't find my copy of the exploit anymore to be certain. As well, you had to start on the system, so it wasn't that much of an external job anyway. I see allowing 'r' commands into your installation as a Bad Thing anyway. Ciao, -- Richard Bainter Mundanely | System Analyst - OMG/CSD Pug Generally | Applied Research Labs - U.Texas pug () arlut utexas edu | pug () bga com Note: The views may not reflect my employers, or even my own for that matter.
Current thread:
- Re: setuid scripts in SunOS 4.1.x, (continued)
- Re: setuid scripts in SunOS 4.1.x Fred Blonder (Sep 28)
- Re: setuid scripts in SunOS 4.1.x John Hawkinson (Sep 28)
- Security Info (root broken) Pat Myrto (Sep 28)
- Re: Security Info (root broken) Valdis.Kletnieks () vt edu (Apr 18)
- Re: Security Info (root broken) Perry E. Metzger (Sep 28)
- Re: Security Info (root broken) pluvius (Sep 28)
- Re: Security Info (root broken) Charles R. Hoynowski (Sep 29)
- Re: Security Info (root broken) Christopher Klaus (Sep 28)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) John Ladwig (Sep 29)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) Casper Dik (Sep 29)
- Re: Security Info (root broken) Timothy Newsham (Sep 29)
- Old sendmail bugs Michael Neuman (Sep 29)
- Re: Security Info (root broken) Karl Strickland (Sep 29)
- Re: Security Info (root broken) Christopher Klaus (Sep 29)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) Neil Woods (Sep 29)
- IBM AIX rlogin fix jim () Tadpole COM (Sep 28)
- security problem w/ smail james w abendschan (Sep 27)