Re: Solaris 2.5.1 party piece

[Wolfram.Schmidt () IAO FHG DE (Wolfram Schmidt)]

Some weeks ago I was given a test patch which fixes the problem. Lets see
how long it takes to build the final version.

-Wolfram



On Jun 19, 20:47, Alan Cox wrote:
> Subject: Solaris 2.5.1 party piece
]  Well CERT have had this for a year, AUSCERT for a couple of weeks and
] now its time bugtraq had it
]
] cc solarisuck.c -o solarisuck -lsocket
] rsh localhost ./solarisuck
[...]
] You can adjust this to do other things. Basically any user can do
network control
] requests on a root created socket descriptor.
]
]
] Workarounds:
]  1.  Disable rsh and any non root owned inetd tasks -  breaks remote tar
etc
]  2.  Run an OS that the vendor doesnt take a year to fix bugs in
]
]  I have the original emails from Sun folks (Casper Dik, Alec Muffett and
co)
]  to prove Sun have sat on this for ages.
]
]  Alan
> -- End of excerpt from Alan Cox



--
Email: Wolfram.Schmidt () iao fhg de
Voice: +49 711 970 2431
Fax: +49 711 970 2401
Office: Fraunhofer IAO, Holzgartenstr. 17, 70174 Stuttgart, Germany