Bugtraq mailing list archives

Re: Security Info (root broken)

From: neil () legless demon co uk (Neil Woods)
Date: Fri, 30 Sep 1994 00:53:45 +0100 (GMT+0100)

    P> Did you happen to install the following, in particular 101436-02?
    P> Solaris 1.1.1 Patches Containing Security Fixes:
    P> ------------------------------------------------
    P> 101436-02   SunOS 4.1.3_U1: bin/mail jumbo patch
This is the patch which made the race condition *easier* to exploit
than it was in the unpatched version.


Yes, and after getting another copy of the exploit script, it's been
pointed out that the race condition can write to ANY file.

Btw, does anyone know if there is a similar race condition on Solaris
2.x?


Yes this is the case, judging from trace output I've seen.

Cheers,

Neil

-- 
Bull in the Heather, Me and My Charms, The Lights, Sensual World, Go, Ritual,
Handsome and Gretel, Take Me, Blue Room, Drunken Butterfly, She's Lost Control.

        ...like a badger with an afro throwing sparklers at the Pope...

Current thread:

Re: Security Info (root broken), (continued)
- - - Re: Security Info (root broken) Pug (Sep 29)
    - Re: Security Info (root broken) John Ladwig (Sep 29)
    - Re: Security Info (root broken) Pug (Sep 29)
    - Re: Security Info (root broken) Casper Dik (Sep 29)
    - Re: Security Info (root broken) Timothy Newsham (Sep 29)
    - Old sendmail bugs Michael Neuman (Sep 29)
    - Re: Security Info (root broken) Karl Strickland (Sep 29)
    - Re: Security Info (root broken) Christopher Klaus (Sep 29)
    - Re: Security Info (root broken) Pug (Sep 29)
    - Re: Security Info (root broken) Pug (Sep 29)
    - Re: Security Info (root broken) Neil Woods (Sep 29)
    - IBM AIX rlogin fix jim () Tadpole COM (Sep 28)
    - security problem w/ smail james w abendschan (Sep 27)
- Re: setuid scripts in SunOS 4.1.x *Hobbit* (Sep 25)