Bugtraq mailing list archives

Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

From: root () iifeak swan ac uk (System Administrator)
Date: Fri, 18 Aug 1995 16:10:44 +0100

Just to add my two cents to the discussion:
        - this is a known problem


So why wasn't it more publically announced. Sun could easily have issued a
new binary very publically and without saying what they had fixed.

        - it is fixed in 2.5 (by using fchown, not chown, both versions of ps)

So why didnt you tell people instead of negligently leaving them exposed

        - it only affects people that either:
                - use tmpfs (default) and don't modifiy it +t themselves
                - or us a filesystem for /tmp and didn't do a +t as well.


Otherwise known as the majority of people who are less technically clued up.
Vendors need to improve their methods.

Alan

Current thread:

/proc ps for Solaris 2.X, (continued)
- - - /proc ps for Solaris 2.X Doug Hughes (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Dan Thorson (Aug 15)
  - Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Aleph One (Aug 15)
    - Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Nathan Lawson (Aug 16)
    - Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Patrick Hess (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Scott Chasin (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Nathan Lawson (Aug 16)
  - Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Darren Reed (Aug 17)
  - Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Casper Dik (Aug 17)
    - BUGTRAQ ALERT: Solaris 2.x Arve Kjoelen (Aug 18)
    - Re: BUGTRAQ ALERT: Solaris 2.x vulnerability System Administrator (Aug 18)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability David Rukshin (Aug 18)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Scott Chasin (Aug 18)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Mark Graff (Aug 18)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Paul Ashton (Aug 18)