Bugtraq mailing list archives
Re: Solaris 2.5.1 party piece
From: Wolfram.Schmidt () IAO FHG DE (Wolfram Schmidt)
Date: Fri, 20 Jun 1997 04:10:17 +0200
Some weeks ago I was given a test patch which fixes the problem.
Let's see how long it takes to build the final version.

-Wolfram

On Jun 19, 20:47, Alan Cox wrote:
Subject: Solaris 2.5.1 party piece
] Well CERT have had this for a year, AUSCERT for a couple of weeks and
] now it's time bugtraq had it
]
] cc solarisuck.c -o solarisuck -lsocket
] rsh localhost ./solarisuck
[...]
] You can adjust this to do other things. Basically any user can do network control
] requests on a root created socket descriptor.
]
]
] Workarounds:
] 1. Disable rsh and any non root owned inetd tasks - breaks remote tar etc
] 2. Run an OS that the vendor doesn't take a year to fix bugs in
]
] I have the original emails from Sun folks (Casper Dik, Alec Muffett and co)
] to prove Sun have sat on this for ages.
]
] Alan
-- End of excerpt from Alan Cox
--
Email:  Wolfram.Schmidt () iao fhg de
Voice:  +49 711 970 2431
Fax:    +49 711 970 2401
Office: Fraunhofer IAO, Holzgartenstr. 17, 70174 Stuttgart, Germany
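
Workaround 1 from the quoted post, written as an audit of inetd.conf. This is an added example, not part of the original thread; it assumes "non root owned inetd tasks" means enabled entries whose user field is not root, and the sample file is constructed.

```python
import os

# Constructed sample inetd.conf, not taken from a real host.
SAMPLE_INETD_CONF = """\
# service  type  proto  wait  user  server  args
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd
shell   stream  tcp  nowait  root    /usr/sbin/in.rshd     in.rshd
#login  stream  tcp  nowait  root    /usr/sbin/in.rlogind  in.rlogind
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
uucp    stream  tcp  nowait  uucp    /usr/sbin/in.uucpd    in.uucpd
time    stream  tcp  nowait  root    internal
"""

RSH_SERVICES = {"shell"}          # rsh is the "shell" service in /etc/services
RSH_DAEMONS = {"in.rshd", "rshd"}


def audit_inetd(text):
    """Return (line_number, service, reasons) for entries workaround 1 would disable."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # commented-out entries are already disabled
        if not line:
            continue
        fields = line.split()
        if len(fields) < 6:
            findings.append((lineno, fields[0], ["malformed entry, check by hand"]))
            continue
        service, user, program = fields[0], fields[4], fields[5]
        # Assumption: tolerate the user.group / user:group forms some inetd versions accept.
        owner = user.replace(":", ".").split(".", 1)[0]
        reasons = []
        if service in RSH_SERVICES or os.path.basename(program) in RSH_DAEMONS:
            reasons.append("rsh service")
        if owner != "root":
            reasons.append("runs as non-root user " + owner)
        if reasons:
            findings.append((lineno, service, reasons))
    return findings


if __name__ == "__main__":
    for lineno, service, reasons in audit_inetd(SAMPLE_INETD_CONF):
        print("line %d: %s: %s" % (lineno, service, "; ".join(reasons)))
```

Entries it reports are candidates for commenting out, after which inetd has to re-read its configuration; as the post notes, disabling rsh breaks remote tar and similar uses.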