Bugtraq mailing list archives

Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm]

From: Kevin.L.Prigge-2 () tc umn edu (Kevin L Prigge)
Date: Thu, 5 Dec 1996 16:15:20 -0600


Kevin L Prigge said:

Problem: Vulnerabilities in /usr/vmsys/bin/chkperm
Platform: Solaris 2.4, 2.5, 2.5.1, other System V derived
          systems with the FACE package installed


We have since learned that this has been fixed in 2.5 and above. There
is still the problem of creating a file owner bin, group bin
in the current directory with a filename made up of unprintable
characters. This is probably poor error handling rather than
a security problem.


Kevin Prigge   <klp () tc umn edu>
John Ladwig    <jladwig () soils umn edu>

--
Kevin L. Prigge                     | Some mornings, it's just not worth
Systems Software Programmer         | chewing through the leather straps.
Internet Enterprise - OIT           | - Emo Phillips
University of Minnesota             |

Current thread:

Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Terrell Thacker (Dec 05)
- Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Paul B. Henson (Dec 05)
- SGI Security Advisory 19961201-01-PX - Desktop searchbook Program SGI Security Coordinator (Dec 05)
- suid_exec problem clarification Yuri Volobuev (Dec 05)
- Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Nikolai Matyushenko (Dec 06)
  - Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Paul B. Henson (Dec 06)
  - New INN security problems Chris Timmons (Dec 06)
  - suid_exec Javier Romeu (Dec 06)
- <Possible follow-ups>
- Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Kevin L Prigge (Dec 05)
- Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Paul Ashton (Dec 06)
  - Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Casper Dik (Dec 06)