Bugtraq mailing list archives

Re: BIG Security Hole in Solaris 2.X (X)passwd + exploit

From: cschuber () uumail gov bc ca (Cy Schubert - ITSD Open Systems Group)
Date: Tue, 4 Mar 1997 09:08:36 -0800

An Exploit for a Big Big security hole in passwd ( + yppasswd and
nispasswd)


I tried the exploit and it did not work in machines patched
with 103187-09  (Solaris 2.5) or 103612-06  (Solaris 2.5.1).

Could some verify this?


This particular exploit does not work, however it does cause a buffer
overflow and a subsequent bus error.  It should be trivial to modify the
exploit to work on patched systems as well.


--
jukka



Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber () uumail gov bc ca
                                       cschuber () bcsc02 gov bc ca

Current thread:

Re: BIG Security Hole in Solaris 2.X (X)passwd + exploit Santithorn Bunchua (Feb 28)
- <Possible follow-ups>
- Re: BIG Security Hole in Solaris 2.X (X)passwd + exploit Cy Schubert - ITSD Open Systems Group (Mar 04)