Bugtraq mailing list archives
Re: SCO POP remote root exploit
From: belal () SCO COM (Bela Lubkin)
Date: Thu, 16 Jul 1998 16:03:58 -0700
A fixed binary is now available in the SCO Security Enhancements directory on ftp.sco.com: ftp://ftp.sco.com/SSE Get files README and sse013.*. Check the README for other supplements that you should also have, depending on your OS release. The popper fix applies to SCO OpenServer 5.0.0 through 5.0.4, SCO Internet FastStart 1.0.0 and 1.1.0. The popper in UnixWare 7 and in UnixWare 2.x-based Internet FastStart is based on completely different source and doesn't have this set of problems.
Bela<
PS: interesting case study. A friend of mine runs an OSR5 public access system. When this exploit was posted, I immediately broke root on his system with it. I then disabled popper and told him about it. He installed a fixed popper binary. In the succeeding 24 hours, syslog showed 5 separate attempts from around the world -- none of which succeeded. The problem which caused this vulnerability has been well known for 2-3 weeks. But until a "no brainer" attack was made available, actual attacks weren't happening.
Current thread:
- SCO POP remote root exploit Vit Andrusevich (Jul 15)
- <Possible follow-ups>
- Re: SCO POP remote root exploit Bela Lubkin (Jul 15)
- Re: SCO POP remote root exploit Bela Lubkin (Jul 16)