Bugtraq mailing list archives
Re: OpenUNIX 8 & Unixware possible local root
From: Rob Bartlett - CPRE EMEA <rob.bartlett () Sun COM>
Date: Wed, 03 Oct 2001 17:59:13 +0100
David Cushing said:
I was able to reproduce this on a Solaris 8 sparc machine with different tolerances:

    [288] uname -a
    SunOS hostname 5.8 Generic_108528-08 sun4u sparc SUNW,Ultra-60
    [289] /usr/dt/bin/dtterm -tn `perl -e 'print "A"x1083'`
    Segmentation Fault(coredump)
    [297] /usr/dt/bin/dtterm -tn `perl -e 'print "A"x2083'`
    Bus Error(coredump)

Although the above is indeed the case:

    # uname -a
    SunOS hostname 5.8 Generic_108528-07 sun4u sparc SUNW,Sun-Fire
    # ls -l /usr/dt/bin/dtterm
    -r-xr-xr-x 1 bin bin 47312 Dec 2 1999 /usr/dt/bin/dtterm
    # egrep dtterm SUNWdtbas/pkgmap
    1 f none dt/bin/dtterm 0555 bin bin 47312 21292 944116615
    1 f none dt/config/dtterm.tc 0444 bin bin 696 54239 944111243
    1 f none dt/config/dtterm.ti 0444 bin bin 1382 37571 944111243

This means that provided you have a default install, root compromise is not possible on Solaris 8.

Regards,
Rob
--
Sun Microsystems CPRE-EMEA          Weave a circle round him thrice,
mailto: Rob.Bartlett () Sun COM     And close your eyes with holy dread,
Tel: +44 1276-455-299               For he on honey-dew hath fed,
Mobile: +44 7710-901-702            And drunk the milk of Paradise.

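The pkgmap listing in the message shows dtterm installed with mode 0555, which carries no set-uid or set-gid bit. As an added example (not part of the original message or of any Sun tooling), the same check generalized to every entry of a pkgmap; the function names, the assumed field order, and the `dt/bin/example-suid` entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag set-uid / set-gid entries in a Solaris pkgmap.
# Assumed field order for file and directory entries (pkgmap format):
#   part ftype class path mode owner group [size cksum modtime]

# Constructed sample: the three entries quoted in the message, plus one
# hypothetical set-uid entry (dt/bin/example-suid) added for contrast.
sample_pkgmap() {
    cat <<'EOF'
1 f none dt/bin/dtterm 0555 bin bin 47312 21292 944116615
1 f none dt/config/dtterm.tc 0444 bin bin 696 54239 944111243
1 f none dt/config/dtterm.ti 0444 bin bin 1382 37571 944111243
1 f none dt/bin/example-suid 4555 root bin 1000 1 944116615
EOF
}

# Read pkgmap lines on stdin; print "path mode owner flags" for each entry
# whose octal mode has the set-uid (4000) or set-gid (2000) bit.
privileged_entries() {
    awk '
    # Only entry types that carry a mode; skips links, info files and "?" modes.
    $2 ~ /^[fevdx]$/ && $5 ~ /^[0-7]+$/ {
        m = $5
        while (length(m) < 4) m = "0" m
        special = substr(m, length(m) - 3, 1) + 0   # leading octal digit
        flags = ""
        if (int(special / 4) % 2) flags = "setuid"
        if (int(special / 2) % 2) flags = flags (flags == "" ? "" : ",") "setgid"
        if (flags != "") print $4, $5, $6, flags
    }'
}

sample_pkgmap | privileged_entries
```

To audit a real package, feed it the package's own map, for example `privileged_entries < SUNWdtbas/pkgmap`; an empty result means no entry in that package is installed set-uid or set-gid.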