Bugtraq mailing list archives

Re: ff.core exploit on Solaris (2.)7

From: casper () HOLLAND SUN COM (Casper Dik)
Date: Fri, 15 Jan 1999 14:20:36 +0100

Greetings,
       Confirmed ff.core exploit does exist in Solaris 7, server
edition.  System is straight installation, no patches of any category
available for 7 from Sunsolve yet.



There's another workaround for the "ff.core" bug rather than taking away
it's set-uid permissions.

The workaround is:

        chmod a-w /vol/*

(Best added to the volmgt starup script in the following fashion, after the
line that starts vold:


                while sleep 1
                do
                        if [ -d /vol/rmt ]
                        then
                                chmod a-w /vol/*
                                break
                        fi
                done &


This leaves a 1 second window or so of vulnerability at boot time which you
can prevent by starting vold earlier than cron & inetd.


Casper

Current thread:

Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service), (continued)
- - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Darren Reed (Jan 08)
    - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Nick Maclaren (Jan 08)
    - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Mark Crosbie (Jan 09)
    - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Pete Kruckenberg (Jan 09)
    - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Thamer Al-Herbish (Jan 09)
    - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Len Budney (Jan 08)
    - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Thamer Al-Herbish (Jan 08)
    - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Kragen Sitaker (Jan 09)
- really silly ff.core exploit for Solaris John McDonald (Jan 07)
  - ff.core exploit on Solaris (2.)7 Daniel J. Frasnelli (Jan 08)
    - Re: ff.core exploit on Solaris (2.)7 Casper Dik (Jan 15)
  - L0pht tmp tool and (mini) Advisory Dr. Mudge (Jan 08)
- Re: Anonymous Qmail Denial of Service Antonomasia (Jan 07)
- Re: Anonymous Qmail Denial of Service D. J. Bernstein (Jan 09)
  - Re: Anonymous Qmail Denial of Service Wietse Venema (Jan 10)
  - Keeping Solaris up-to-date John RIddoch (Jan 11)
    - Keeping any up-to-date? Randolf-Heiko Skerka (Jan 13)
    - Re: Keeping any up-to-date? Ciaran Deignan (Jan 15)
    - Re: Keeping any up-to-date? Peter May (Jan 15)
  - Administrivia Aleph One (Jan 12)
    - Tracing by uid u after root does setuid(u) D. J. Bernstein (Jan 12)

(Thread continues...)