Bugtraq mailing list archives
Re: Solaris 2.3-2.4 Audit Bug
From: dagostin () killerbee jsc nasa gov (John D'Agostino)
Date: Mon, 13 Feb 1995 09:31:44 -0600
At 05:45 PM 2/12/95, Christopher Klaus wrote:
I'm sorry if this has been discussed before. There is a major security problem with auditing under solaris 2.3 and 2.4. If you run bsmconv to turn on auditing, any user can break root very very easily. I'ld say more but I'ld like to give sun at least a little bit of a chance to fix it first. I have access to the source code for the os and have tracked down the one line of bad code. How can I contact Sun to tell them the problem with this line of code?????????????Send email to info () iss net with the following in the body of the message: send vendor for faq This will send you the FAQ for various vendors to get in touch with. You can also email Sun at security-alert () sun com and I am sure Mark Graff can help you. Chris --
Hey Chris, Is this going to be in our class as well? Also, has John gotten you the info about the net address ranges yet? ===================================================== / I am a peripheral visionary... \ | I can sort of see the future ok... | | It's just off to the side | |=======================================================| | NASA MOD AIS Security Engineering Team | | --==8==-- | | dagostin () killerbee jsc nasa gov (713)-282-3717) | \_________________________________ FAX: (713)-282-4922 /
Current thread:
- Re: Solaris 2.3-2.4 Audit Bug John D'Agostino (Feb 13)
- <Possible follow-ups>
- Re: Solaris 2.3-2.4 Audit Bug Mark Graff (Feb 13)