Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

[Dan_Thorson () notes seagate com (Dan Thorson)]

Michael said:
> I tried this attack on /usr/bin/ps and /usr/ucb/ps, and it
> works on both of them.  This makes me think that more than
> just solaris 2.x machines are vulnerable (depending on the
> /tmp sticky bit).

I did a little poking around myself.  SunOS 4.x's "ps":
 isn't suid root
 doesn't open any file in /tmp
 and even if it did, /tmp has the sticky bit set

So only SunOS 5.x seems involved insofar as SunOS is concerned.

I checked my HP's, and their ps is also not suid root, so they
should be safe.

True?

dct