Bugtraq mailing list archives
Re: Possible SunOS 5.5.1 sulogin vulnerability
From: mark.graff () ENG SUN COM (Mark Graff)
Date: Fri, 15 Nov 1996 16:05:34 -0800
This was discussed on comp.security.unix yesterday. It's not a security hole, just a bogus message produced by a program that expects to be run with privileges. I filed a bug on it. -mg- Mark Graff Sun Security Coordinator 415 -786-5274 From owner-bugtraq () NETSPACE ORG Fri Nov 15 16:01:54 1996 Approved-By: ALEPH1 () UNDERGROUND ORG Approved-By: Steve Blass <swb () AURORA PHYS UTK EDU> Date: Fri, 15 Nov 1996 17:59:42 -0500 Subject: Re: Possible SunOS 5.5.1 sulogin vulnerability X-To: "Jason R. Mastaler" <jason () mastaler com> To: Multiple recipients of list BUGTRAQ <BUGTRAQ () netspace org> I just tried it on a patched 2.5.1 box and it does *look like it goes into single user mode but I still couldn't edit /etc/shadow. Near as I can tell it just gave me a subshell. - swb On Wed, 13 Nov 1996, Jason R. Mastaler wrote:
Possible hole in sulogin here? Under Solaris 2.5.1 (sparc & x86), executing /sbin/sulogin from an unprivileged user account dumps you into what appears to be single-user mode with an ugly warning message without prompting for the root password. You don't find this with earlier versions of Solaris (2.5 and lower). ________________________________________________________________ sol251% /sbin/sulogin *** NO ENTRY FOR root IN PASSWORD FILE! *** Entering System Maintenance Mode $ ________________________________________________________________ sol25% /sbin/sulogin Type Ctrl-d to proceed with normal startup, (or give root password for system maintenance): ________________________________________________________________
Current thread:
- Possible SunOS 5.5.1 sulogin vulnerability Jason R. Mastaler (Nov 13)
- Re: Possible SunOS 5.5.1 sulogin vulnerability Steve Blass (Nov 15)
- Re: Possible SunOS 5.5.1 sulogin vulnerability Doug Hughes (Nov 15)
- Re: Possible SunOS 5.5.1 sulogin vulnerability Casper Dik (Nov 15)
- Re: Possible SunOS 5.5.1 sulogin vulnerability Michael Douglass (Nov 15)
- El Programa Matador de Ascendes Scriptors of DOOM (Nov 16)
- El Programa Matador de Ascendes Aleph One (Nov 16)
- This week: turn me on, dead man Aleph One (Nov 16)
- Re: El Programa Matador de Little Boys I like so much Aleph One (Nov 16)
- Apologies to Kit Knox and all Aleph One (Nov 16)
- <Possible follow-ups>
- Re: Possible SunOS 5.5.1 sulogin vulnerability Mark Graff (Nov 15)