Bugtraq mailing list archives
Re: Solaris 2.3-2.4 Audit Bug
From: Mark.Graff () Eng Sun COM ( Mark Graff )
Date: Mon, 13 Feb 1995 10:07:44 -0800
Dow,

The answer to your question is that we maintain a mail alias, security-alert () sun com, to receive reports like this; and any of the Answer Centers world-wide, I believe, would accept such a report as well.

This sounds like the same bug we are about to release a patch for. It's our policy to have patches available for all of the affected platforms, then announce the bug and the patches together.

I will contact you privately for details, then put a followup note here within a day or two.

Mark G. Graff
415-688-9151
security-alert () sun com

From owner-bugtraq () fc net Sat Feb 11 15:30:11 1995
Subject: Solaris 2.3-2.4 Audit Bug
To: bugtraq () fc net
Date: Sat, 11 Feb 1995 16:55:32 -0600 (CST)
Precedence: bulk

I'm sorry if this has been discussed before. There is a major security problem with auditing under Solaris 2.3 and 2.4. If you run bsmconv to turn on auditing, any user can break root very very easily. I'd say more but I'd like to give Sun at least a little bit of a chance to fix it first. I have access to the source code for the OS and have tracked down the one line of bad code. How can I contact Sun to tell them the problem with this line of code?????????????

---
dowiii () ksu ksu edu
Dow Summers
Computing and Network Services
Kansas State University