Bugtraq mailing list archives
Re: BUGTRAQ ALERT: Solaris 2.x vulnerability
From: nreadwin () london micrognosis com (Neil Readwin)
Date: Tue, 15 Aug 1995 21:58:33 +0100
Michael Dilger writes:
I tried this attack on /usr/bin/ps and /usr/ucb/ps, and it works on both of them. This makes me think that more than just solaris 2.x machines are vulnerable (depending on the /tmp sticky bit).
Many things depend on the /tmp sticky bit, ps was just a convenient way to get root. crontab can be attacked to overwrite anyone's cron file when they run 'crontab -e' (Scott, if you think it's worth posting the code for this let me know) and any of the other things that stash files in /tmp can be attacked. Neil. -- nreadwin () micrognosis co uk Phone: +1 908 855 1221 x519 Anything is a cause for sorrow that my mind or body has made
Current thread:
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Michael Dilger (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Neil Readwin (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Dan Cross (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Neil Readwin (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Dan Cross (Aug 17)
- SunOS 4.1.x ptrace flaw Bonfield James (Aug 17)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Dan Cross (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Neil Readwin (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Adam Prato (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Brian Perkins (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Sam Quigley (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Alexander L. Haiut (Aug 16)
- /proc ps for Solaris 2.X Doug Hughes (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Brian Perkins (Aug 15)
- <Possible follow-ups>
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Dan Thorson (Aug 15)