Bugtraq mailing list archives
Re: Solaris 2.5.1 patch not effective?
From: sfs () TC UMN EDU (Steve Siirila)
Date: Thu, 11 Jun 1998 16:28:09 -0500
I can confirm that the patch 104490-05 is indeed ineffective against at least one root compromise bug. We experienced such a compromise recently even with the latest security patches (including 104490-05) installed. We decided to simply make ufsdump/ufsrestore non-setuid, non-setgid as they are never run by non-root users at our site anyways. Tom Perrine wrote:
I have two reports from other UC campuses that exploits of the Solaris ufsrestore bug are being used against *sparc* hosts. At least one of the sites reports that patch 104490-05 (Solaris 2.5.1, sparc arch) was applied on a system that was compromised (presumably via this method). Consider this an *inconclusive* warning that the Sun ufsrestore patch *may* not be effective. I have a call into Sun on this one. If we can get the binary of the exploit, it might be interesting. [The reporting sites are BCC'ed on this note. If they want to go public, its up to them.] --tep -- Tom E. Perrine (tep () SDSC EDU) | San Diego Supercomputer Center http://www.sdsc.edu/~tep/ | Voice: +1.619.534.5000 Been there, done that, erased the evidence, blackmailed the witnesses...
-- Steven F. Siirila Enterprise Internet Services Office: Lind Hall, Room 130B Academic and Distributed Computing Services E-mail: sfs () umn edu Office of Information Technology Voice: (612) 626-0244 University of Minnesota Fax: (612) 626-7593
Current thread:
- Solaris 2.5.1 patch not effective? Tom Perrine (Jun 09)
- Re: Solaris 2.5.1 patch not effective? Steve Siirila (Jun 11)
- CERT Summary CS-98.06 Phillip R. Jaenke (Jun 11)
- Re: Solaris 2.5.1 patch not effective? Richard Peters (Jun 11)
- <Possible follow-ups>
- Solaris 2.5.1 patch not effective? Pete Ashdown (Jun 19)
- Re: Solaris 2.5.1 patch not effective? Steve Siirila (Jun 11)