Bugtraq mailing list archives
Correction: CPSN 9:971208: Solaris /var Permission Problems
From: mpotter () BALINK COM (MATTHEW POTTER)
Date: Tue, 13 Jan 1998 11:16:25 -0500
Hi,

This affects 2.3, 2.4, 2.5, 2.5.1, and 2.6, SPARC and x86 (NOT JUST 2.5(1) and 2.6 SPARC). Any user can fill var (stopping local logging, causing all kinds of problems, etc.) or put a rogue package in /var/spool/pkg; then the admin unsuspectingly just does a pkgadd and doesn't verify his or her packages. This can lead to root compromise. I think this bug is widely known.

Run ASET (SUNWast) at the highest level; this is good procedure for any Solaris box before it goes on a network, as well as running fixmodes. ASET helps keep permissions from drifting to a lower privilege level (it seems in Solaris if you don't run any type of perm-changing program, permissions seem to get progressively worse over time). As well as patching 2.5.1 and prior for the /usr/lib/newsyslog bug (the script sets modes 666 after rotating the logs! prior to 2.6), so when cron rotates logs the new logs get set up properly!

It's weird Sun has let this go this long; maybe it's a compatibility issue(?), though mine are strict and I have had no problems with the permissions.

Regards,
Matthew R. Potter

______________________________ Reply Separator _________________________________
Subject: CPSN 9:971208: Solaris /var Permission Problems
Author: CPIO Advisory Role Account <advisory () CORINNE CPIO ORG> at Internet
Date: 1/12/98 3:56 PM

**************** CPIO Security Notice ****************
Issue Number 9: 971208
Topic: Solaris /var Permission problems
Platforms: Solaris 2.5.1, 2.6 / SPARC; possibly 2.5.
Severity: Common Sense Caution
**** http://www.darpanet.net ****
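A way to check a tree such as /var for the conditions described in the post above (world-writable directories like a package spool, log files left at mode 666), as an added example that is not part of the original post. The function names and output tags are made up for this example, and it only reports; it does not change any modes.

```shell
#!/bin/sh
# Added example: report world-writable entries under a directory tree.
# Function names and the DIR_*/FILE_WW tags are assumptions for this example.

# Print one finding per line as "TAG PATH":
#   DIR_NOSTICKY  world-writable directory without the sticky bit
#                 (any user can add, rename or delete entries)
#   DIR_STICKY    world-writable directory with the sticky bit
#                 (any user can still add files and consume space)
#   FILE_WW       world-writable regular file (e.g. a log left at 666)
audit_world_writable() {
    root=$1
    find "$root" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
        sed 's/^/DIR_NOSTICKY /'
    find "$root" -type d -perm -1002 -print 2>/dev/null |
        sed 's/^/DIR_STICKY /'
    find "$root" -type f -perm -0002 -print 2>/dev/null |
        sed 's/^/FILE_WW /'
}

# Count findings of one tag; prints 0 when there are none.
count_findings() {
    audit_world_writable "$1" | grep -c "^$2 " || true
}

# Stand-alone use: sh audit.sh /var
if [ $# -gt 0 ]; then
    audit_world_writable "$1"
fi
```

Review DIR_STICKY hits by hand: some directories are world-writable with the sticky bit by design, and the sticky bit does not stop a user from dropping new files into them.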