Bugtraq mailing list archives
Re: To kill a sun:
From: pnash () HANSHAN BBNPLANET COM (Paul Nash)
Date: Mon, 15 Dec 1997 09:58:06 -0500
It appears that sunkill.c does not have any appreciable affect on a Solaris 2.5.1 system when they are running the MIT Kerberos v5 1.0.4 suite of network authentication utilities (telnetd, rlogind, etc...) whether the machine is a sun4m machine on le0 (10Mb/s ethernet), a sun4u machine on hme0 (100Mb/s ethernet), or a Solarisx86 2.5.1 machine on de0 (10Mb/s ethernet). uname's below w/ patchlevels.
Of note, Wieste Venema's telnetd (included in his logdaemon package) is immune to this attack.
From the README:
telnetd pretty dumb BSD 4.3 telnetd. No access control or logging, but compatible with SunOS 4.x, Ultrix 4.x, SunOS 5.x. Relatively poor in features (no environment passing) so there is less risks of surprises. This just might be the quickfix people are looking for. You can find it at: ftp://ftp.win.tue.nl/pub/security/logdaemon-5.6.tar.gz -Paul ------ Paul Nash GTE Internetworking - Powered by BBN 617 873 6604
Current thread:
- Re: To kill a sun:, (continued)
- Re: To kill a sun: David LeBlanc (Dec 13)
- Re: To kill a sun: James Lockwood (Dec 14)
- Vulnerabilities in ICQ Alan Cox (Dec 14)
- Re: Vulnerabilities in ICQ Seth McGann (Dec 14)
- Re: Vulnerabilities in ICQ Solar Designer (Dec 16)
- Re: Vulnerabilities in ICQ Arik Vardi (Dec 15)
- Re: Vulnerabilities in ICQ Seth McGann (Dec 14)
- Sun killer - NT port Aleph One (Dec 14)
- Re: To kill a sun: Craig Johnston (Dec 14)
- Re: To kill a sun: Robert Sink (Dec 14)
- Re: To kill a sun: Darren Reed (Dec 14)
- Re: To kill a sun: Paul Nash (Dec 15)