Bugtraq mailing list archives
Re: Solaris mailx hole
From: andy () bigdog fred net (Andy Dills)
Date: Wed, 3 Jul 1996 13:11:07 -0400
On Wed, 3 Jul 1996, Dave Roberts wrote:
On Tue, 2 Jul 1996, Andy Dills wrote:It's a very very old hole in /bin/mail that allows race conditions in which .rhosts files can be created... I would have thought this was fixed by 2.5, but it wasn't. My boss just a few minutes ago exploited it on a sol2.5 machine.Hmmm, dunno how he did that. I have 2.5 on an UltraServer1, I haven't even got round to installing any patches yet - it's straight off the CD (HW 1/96 edition), and the script didn't work at all. I tried it about 10 times, and failed to win the race condition every time, the user targeted just received the mail.
Yeah, I let it run all night and even ran some programs to help "cheat" the race condition, but all it would ever do is write the file and link it, it would never make the file non 0 length. When I first mailed about it, I just saw the output and didn't bother to check into that far. Andy
Dave Roberts | "Surfing the Internet" is a sad term for sad people. Unix Systems Admin | Get a board, find a beach, surf some REAL waves and SAA Consultants Ltd | get a *real* life. Plymouth, U.K. | -=[For PGP Key, send mail with subject of "get pgp"]=-
-----/'[/'[/'[Andy Dills]'\]'\]'\----- "Founding member of the Frednet.Support" Phear the big BEAVIS! "_THIS_ is my BOOM stick!!!!" -- That Guy from Army of Darkness Work:andy () fred net---------->(BOFH)<--------Play:andy () beavis net All things BSDish. If it's not BSDish, it's CRAP! Andy's Made Up Quote of The Week: "To understand solaris2.5, one must suffer and RTFM."
Current thread:
- Solaris mailx hole Marc Mosko/jfrank/us (Jun 30)
- Re: Solaris mailx hole Andy Dills (Jul 01)
- Re: Solaris mailx hole Casper Dik (Jul 02)
- Re: Solaris mailx hole Andy Dills (Jul 02)
- CD4300 series BUG DANIEL .D .EZEKIEL (Jul 02)
- Re: BoS: Re: Solaris mailx hole Travis Hassloch x231 (Jul 02)
- Re: Solaris mailx hole Dave Roberts (Jul 03)
- Re: Solaris mailx hole Andy Dills (Jul 03)
- [8lgm]-Advisory-26.UNIX.rdist.20-3-1996 [Forwarded e-mail from Jeff Uphoff (Jul 03)
- BoS: *** SECURITY ALERT *** (fwd) Michael Brennen (Jul 03)
- BoS: *** SECURITY ALERT *** (fwd) Mark_W_Loveless () smtp bnr com (Jul 04)
- IIS bug test Paolo Taraboi (Jul 04)
- IMAPD security problems ? Zvi Bar-Deroma (Jul 04)
- Re: IMAPD security problems ? Ian MacPhedran (Jul 04)
- Re: Solaris mailx hole Casper Dik (Jul 02)
- Re: Solaris mailx hole Andy Dills (Jul 01)
- <Possible follow-ups>
- Re: Solaris mailx hole Josef Buergler (Jul 02)
- Re: Solaris mailx hole Rick Otten (Jul 03)