Bugtraq mailing list archives
Re: BUGTRAQ ALERT: Solaris 2.x vulnerability
From: adamp () mickey ovid com (Adam Prato)
Date: Tue, 15 Aug 1995 15:07:39 -0600
On Tue, 15 Aug 1995, Michael Dilger wrote:
-----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-asciiB U G T R A Q A L E R T bugtraq-alert-081495.01 [...] Scott Chasin chasin () crimelab comGood job Scott. I tried this attack on /usr/bin/ps and /usr/ucb/ps, and it works on both of them. This makes me think that more than just solaris 2.x machines are vulnerable (depending on the /tmp sticky bit). - -- Michael Dilger Michael.Dilger () Sun COM ENS, Network Security Group Sun Microsystems, Inc.
I haven't been able to get this to work. It seems that /usr/bin/ps does not create any files in /tmp. I had two windows open, one doing a while true ; do ls /tmp ; sleep 1 ; done. And the other trying this exploit. A ps.* file is never created (rather no files are created in /tmp). I accidentally left the exploit running all night and it still didn't work. /usr/ucb/ps however does create a ps_data file, but it doesnt seem to be changed by psrace. Any ideas? Also, does sun plan to release a patch, rather than making the /tmp sticky? Adam
Current thread:
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Michael Dilger (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Neil Readwin (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Dan Cross (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Neil Readwin (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Dan Cross (Aug 17)
- SunOS 4.1.x ptrace flaw Bonfield James (Aug 17)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Dan Cross (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Neil Readwin (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Adam Prato (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Brian Perkins (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Sam Quigley (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Alexander L. Haiut (Aug 16)
- /proc ps for Solaris 2.X Doug Hughes (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Brian Perkins (Aug 15)
- <Possible follow-ups>
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Dan Thorson (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Aleph One (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Nathan Lawson (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Patrick Hess (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Aleph One (Aug 15)