Bugtraq mailing list archives

Re: Solaris /usr/bin/cu Vulnerability

From: Casper Dik <Casper.Dik () HOLLAND SUN COM>
Date: Fri, 19 Jan 2001 17:46:40 +0100

If i look at the output of find / -user uucp -xdev -ls on a freshly
installed and patched solaris7, this seems enough for me to r00t
the box.
# find / -user uucp -xdev -ls
188616   55 -rws--x--x  1 uucp     bin         56240 Jan  9 06:39 /usr/bin/tip
188741    8 -r-xr-xr-x  1 uucp     uucp         8188 Sep  1  1998 /usr/bin/uudecode
188742    8 -r-xr-xr-x  1 uucp     uucp         7224 Sep  1  1998 /usr/bin/uuencode
123841    0 -rw-------  1 uucp     bin             0 Jan 17 15:54 /var/adm/aculog
300661    1 drwxr-xr-x  2 uucp     uucp          512 Jan 19 08:28 /var/spool/locks
276741    0 crw-------  1 uucp     uucp      29,131072 Jan 17 16:16 /devices/sbus@1f,0/zs@f,110000

0:a,cu

276742    0 crw-------  1 uucp     uucp      29,131073 Jan 17 16:16 /devices/sbus@1f,0/zs@f,110000

0:b,cu

(the 2 devices are /dev/term/a and /dev/term/b ...)


In Solaris 8 we have changed the ownership of the binaries to root,
except those that are set-uid uucp.

Uucp configuration and tip are still uucp owned.


Casper

Current thread:

Solaris /usr/bin/cu Vulnerability Pablo Sor (Jan 18)
- Re: Solaris /usr/bin/cu Vulnerability Tomas Cibulka (Jan 18)
  - Re: Solaris /usr/bin/cu Vulnerability Juergen P. Meier (Jan 19)
    - Re: Solaris /usr/bin/cu Vulnerability Casper Dik (Jan 22)
- Solaris /usr/bin/cu Vulnerability hal King (Jan 23)
  - Re: Solaris /usr/bin/cu Vulnerability Dan Harkless (Jan 30)
- <Possible follow-ups>
- Re: Solaris /usr/bin/cu Vulnerability Konrad Rieck (Jan 19)
  - Re: Solaris /usr/bin/cu Vulnerability Michael H. Warfield (Jan 19)
    - Re: Solaris /usr/bin/cu Vulnerability Wietse Venema (Jan 22)
- Re: Solaris /usr/bin/cu Vulnerability optyx (Jan 30)
  - Re: Solaris /usr/bin/cu Vulnerability Dan Harkless (Jan 31)