Bugtraq mailing list archives

Re: Solaris 2.3-2.4 Audit Bug


From: dagostin () killerbee jsc nasa gov (John D'Agostino)
Date: Mon, 13 Feb 1995 09:31:44 -0600


At 05:45 PM 2/12/95, Christopher Klaus wrote:

I'm sorry if this has been discussed before.

There is a major security problem with auditing under Solaris 2.3
and 2.4.  If you run bsmconv to turn on auditing, any user can
break root very very easily.  I'd say more but I'd like to give
Sun at least a little bit of a chance to fix it first.

I have access to the source code for the OS and have tracked down
the one line of bad code.  How can I contact Sun to tell them the
problem with this line of code?????????????

Send email to info () iss net with the following in the body of the message:

send vendor for faq

This will send you the FAQ for various vendors to get in touch with.

You can also email Sun at security-alert () sun com and I am sure Mark Graff
can help you.

Chris

-- 
Hey Chris, 
Is this going to be in our class as well? Also, has John gotten you the info 
about the net address ranges yet?
  =====================================================
/            I am a peripheral visionary...             \
|          I can sort of see the future ok...           |
|             It's just off to the side                 |
|=======================================================|
|      NASA MOD AIS Security Engineering Team           |
|                      --==8==--                        |
|      dagostin () killerbee jsc nasa gov  (713)-282-3717) |
\_________________________________ FAX: (713)-282-4922  /
 


