Bugtraq mailing list archives
Re: Security Info (root broken)
From: pug () arlut utexas edu (Pug)
Date: Thu, 29 Sep 1994 14:21:53 -0600 (CDT)
P> Did you happen to install the following, in particular 101436-02? P> Solaris 1.1.1 Patches Containing Security Fixes: P> ------------------------------------------------ P> 101436-02 SunOS 4.1.3_U1: bin/mail jumbo patch This is the patch which made the race condition *easier* to exploit than it was in the unpatched version.
Yes, and after getting another copy of the exploit script, it's been pointed out that the race condition can write to ANY file. Btw, does anyone know if there is a similar race condition on Solaris 2.x? Ciao, -- Richard Bainter Mundanely | System Analyst - OMG/CSD Pug Generally | Applied Research Labs - U.Texas pug () arlut utexas edu | pug () bga com Note: The views may not reflect my employers, or even my own for that matter.
Current thread:
- Re: Security Info (root broken), (continued)
- Re: Security Info (root broken) Christopher Klaus (Sep 28)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) John Ladwig (Sep 29)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) Casper Dik (Sep 29)
- Re: Security Info (root broken) Timothy Newsham (Sep 29)
- Old sendmail bugs Michael Neuman (Sep 29)
- Re: Security Info (root broken) Karl Strickland (Sep 29)
- Re: Security Info (root broken) Christopher Klaus (Sep 29)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) Neil Woods (Sep 29)
- IBM AIX rlogin fix jim () Tadpole COM (Sep 28)
- security problem w/ smail james w abendschan (Sep 27)