Bugtraq mailing list archives
Re: BUGTRAQ ALERT: Solaris 2.x vulnerability
From: chasin () CRIMELAB COM (Scott Chasin)
Date: Fri, 18 Aug 1995 10:03:33 MDT
[casper () HOLLAND SUN COM wrote]:
Just to add my two cents to the discussion: - this is a known problem
So why wasn't it more publically announced. Sun could easily have issued a new binary very publically and without saying what they had fixed.
Mark Graff relayed to me that Sun has known about this for about 2 weeks or so. [casper () HOLLAND SUN COM wrote]:
- it is fixed in 2.5 (by using fchown, not chown, both versions of ps)
Apparently this is *NOT* fixed in the 2.5 release. At least not the copy I have. And I believe someone else has contested to this fact as well.
So why didnt you tell people instead of negligently leaving them exposed
This is the old full-disclosure debate. I don't think we should be getting into this here.
Otherwise known as the majority of people who are less technically clued up. Vendors need to improve their methods. Alan
--Scott chasin () crimelab com
Current thread:
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability, (continued)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Aleph One (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Nathan Lawson (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Patrick Hess (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Aleph One (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Scott Chasin (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Nathan Lawson (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Darren Reed (Aug 17)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Casper Dik (Aug 17)
- BUGTRAQ ALERT: Solaris 2.x Arve Kjoelen (Aug 18)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability System Administrator (Aug 18)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability David Rukshin (Aug 18)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Scott Chasin (Aug 18)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Mark Graff (Aug 18)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Paul Ashton (Aug 18)