Re: Possible SunOS 5.5.1 sulogin vulnerability

[mark.graff () ENG SUN COM (Mark Graff)]

This was discussed on comp.security.unix yesterday. It's not a security hole,
just a bogus message produced by a program that expects to be run
with privileges. I filed a bug on it.

-mg-

Mark Graff
Sun Security Coordinator
415 -786-5274


 From owner-bugtraq () NETSPACE ORG  Fri Nov 15 16:01:54 1996
 Approved-By: ALEPH1 () UNDERGROUND ORG
 Approved-By: Steve Blass <swb () AURORA PHYS UTK EDU>
 Date: Fri, 15 Nov 1996 17:59:42 -0500
 Subject: Re: Possible SunOS 5.5.1 sulogin vulnerability
 X-To: "Jason R. Mastaler" <jason () mastaler com>
 To: Multiple recipients of list BUGTRAQ <BUGTRAQ () netspace org>

 I just tried it on a patched 2.5.1 box and it does *look like it goes into
 single user mode but I still couldn't edit /etc/shadow.  Near as I can
 tell it just gave me a subshell.

 -
 swb


 On Wed, 13 Nov 1996, Jason R. Mastaler wrote:

> Possible hole in sulogin here?  Under Solaris 2.5.1 (sparc & x86),
> executing /sbin/sulogin from an unprivileged user account dumps you
> into what appears to be single-user mode with an ugly warning message
> without prompting for the root password.  You don't find this with
> earlier versions of Solaris (2.5 and lower).
>
> ________________________________________________________________
>
> sol251% /sbin/sulogin
>
> *** NO ENTRY FOR root IN PASSWORD FILE! ***
>
> Entering System Maintenance Mode
>
> $
>
> ________________________________________________________________
>
> sol25% /sbin/sulogin
>
> Type Ctrl-d to proceed with normal startup,
> (or give root password for system maintenance):
>
> ________________________________________________________________