Bugtraq mailing list archives
Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm]
From: jody () blueskytours com (Jody L. Baze)
Date: Thu, 5 Dec 1996 14:51:52 -0700
On Thu, 5 Dec 1996, Paul B. Henson wrote:
> > Platform: Solaris 2.4, 2.5, 2.5.1, other System V derived systems with the FACE package installed
>
> I tried your example on three different Solaris 2.5 machines with varying patch levels. On all of them, after setting up the environment as specified, running the chkperm command resulted in an error message, and no .rhosts file was created in /usr/bin.
I've tried this on several machines so far (also with varying patch levels) and have noticed similar behaviour...
    % /usr/vmsys/bin/chkperm -l -u foo
    Error creating <gibberish characters>
It apparently tries to create that file in the parent directory. It *will* create the file if you happen to be in, for example, /tmp/foo - it'll get created in /tmp. The perm/owner/group is 0666:bin:bin.
> Was anyone able to successfully reproduce this exploit?

Nope, at least not on my machines. Hmm...

JLB
--
Jody L. Baze              Blue Sky Tours, Inc.
Software Development      10832 Prospect Avenue N.E.
System Administration     Albuquerque, NM 87112
jody () BlueSkyTours COM  (505) 292-6961
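An audit sketch for the behaviour reported in this message (an added example, not part of the original post): it walks a directory tree and lists world-writable regular files, optionally filtered by owner, and flags names containing non-printable characters. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def odd_name(name):
    """True if the name has non-printable or non-ASCII characters."""
    return any(not (c.isascii() and c.isprintable()) for c in name)

def find_stray_files(root, uid=None, gid=None):
    """List (path, mode, odd_name) for world-writable regular files under
    root, optionally restricted to files owned by uid and/or gid."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; skip it
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_IWOTH:
                continue
            if uid is not None and st.st_uid != uid:
                continue
            if gid is not None and st.st_gid != gid:
                continue
            hits.append((path, stat.S_IMODE(st.st_mode), odd_name(name)))
    return hits

def demo():
    """Scan a constructed tree: one stray 0666 file with a garbage name in
    the parent of a working directory, plus one ordinary 0644 file."""
    with tempfile.TemporaryDirectory() as tmp:
        os.mkdir(os.path.join(tmp, "foo"))
        samples = {"\x01\x7fq\x02": 0o666, "notes.txt": 0o644}  # constructed
        for name, mode in samples.items():
            path = os.path.join(tmp, name)
            open(path, "w").close()
            os.chmod(path, mode)  # chmod so the umask does not mask the bits
        # On a real host, pass the uid/gid of bin (e.g. via pwd.getpwnam("bin")).
        found = find_stray_files(tmp, uid=os.geteuid())
        return [(os.path.basename(p), oct(m), odd) for p, m, odd in found]

if __name__ == "__main__":
    print(demo())
```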