Bugtraq mailing list archives
Re: Solaris /usr/bin/cu Vulnerability
From: Casper Dik <Casper.Dik () HOLLAND SUN COM>
Date: Fri, 19 Jan 2001 17:46:40 +0100
If I look at the output of find / -user uucp -xdev -ls on a freshly installed and patched Solaris 7, this seems enough for me to r00t the box.

# find / -user uucp -xdev -ls
188616 55 -rws--x--x 1 uucp bin 56240 Jan 9 06:39 /usr/bin/tip
188741 8 -r-xr-xr-x 1 uucp uucp 8188 Sep 1 1998 /usr/bin/uudecode
188742 8 -r-xr-xr-x 1 uucp uucp 7224 Sep 1 1998 /usr/bin/uuencode
123841 0 -rw------- 1 uucp bin 0 Jan 17 15:54 /var/adm/aculog
300661 1 drwxr-xr-x 2 uucp uucp 512 Jan 19 08:28 /var/spool/locks
276741 0 crw------- 1 uucp uucp 29,131072 Jan 17 16:16 /devices/sbus@1f,0/zs@f,1100000:a,cu
276742 0 crw------- 1 uucp uucp 29,131073 Jan 17 16:16 /devices/sbus@1f,0/zs@f,1100000:b,cu

(the 2 devices are /dev/term/a and /dev/term/b ...)

In Solaris 8 we have changed the ownership of the binaries to root, except those that are set-uid uucp. Uucp configuration and tip are still uucp owned.

Casper
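
The ownership rule described for Solaris 8 above (binaries owned by root unless they are set-uid uucp) can be checked with a short audit built on the same find command. This is an added example, not part of the original message or of any Sun tooling; the function names and the SETUID/REOWN/DATA labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify regular files owned by a non-root service account.
#   SETUID  set-uid to the account; its ownership is what grants the privilege
#   REOWN   executable but not set-uid; whoever gains the account can replace
#           the file, so it should be owned by root instead
#   DATA    non-executable file (configuration, logs)
# Usage: audit_owner ACCOUNT [ROOT_DIR]

# Run find with the shared options plus the caller's permission tests and
# prefix every match with a label. -xdev stays on one filesystem, as in the
# command quoted in the message.
scan_owned() {
    label=$1; account=$2; root_dir=$3
    shift 3
    find "$root_dir" -xdev -user "$account" -type f "$@" -print \
        2>/dev/null | sed "s|^|$label |"
}

audit_owner() {
    account=$1
    root_dir=${2:-/}

    # Set-uid files: ownership by the account is intentional.
    scan_owned SETUID "$account" "$root_dir" -perm -4000

    # Any execute bit set, but no set-uid bit: candidates for chown root.
    scan_owned REOWN "$account" "$root_dir" ! -perm -4000 \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 \)

    # No execute bit at all.
    scan_owned DATA "$account" "$root_dir" ! -perm -4000 \
        ! -perm -0100 ! -perm -0010 ! -perm -0001
}

# Count the REOWN findings, for use in a monitoring check.
count_reown() {
    audit_owner "$1" "${2:-/}" | grep -c '^REOWN ' || true
}

# Run the audit only when arguments are given, e.g.: sh audit.sh uucp /usr
if [ "$#" -gt 0 ]; then
    audit_owner "$@"
fi
```

On the Solaris 7 listing in the message, /usr/bin/uudecode and /usr/bin/uuencode would be reported as REOWN and /usr/bin/tip as SETUID.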