Bugtraq mailing list archives
Security flaw in either DIT TransferPro or Solaris
From: scott () LACKLUSTER NET (The Man)
Date: Mon, 5 Jan 1998 00:57:33 -0800
*sigh* About a week ago I was looking around for a method to access my MO drive in Solaris and found a program called TransferPro from a place called DIT. I downloaded and installed the package, and just used tar to access the media since I didn't really need it for much else.

While fiddling with my MO drive, I made a typo and accidentally specified /dev/rff0a as the tape device, rather than rff5a, which was my MO. It horked my disk on target 0, and I had to reinstall. I was *sure* that I was using tar as a normal user, so after I reinstalled Solaris I investigated the permissions on what this TransferPro package installed.

It installs a device driver used for accessing the removable media -- ff is the name. All of the devices that it installs are created with the permissions 0666. The ff driver works with normal disks, too, and that's why I was able to screw up my disk on target 0. (For some reason the tar also screwed up my disklabel, hence messing up the whole disk.) Observe:

scott@tempe:~$ ls -l /devices/sbus\@1,f8000000/esp\@0,800000/ff\@0,0\:a,0,*
brw-rw-rw-   1 root     sys       56,  0 Jan  4 23:53 /devices/sbus@1,f8000000/esp@0,800000/ff@0,0:a,0,blk
crw-rw-rw-   1 root     sys       56,  0 Jan  4 23:53 /devices/sbus@1,f8000000/esp@0,800000/ff@0,0:a,0,raw

They should, of course, be mode 0640. I'm not sure if this is Solaris's fault or the fault of this package. But no matter whose fault it is, it's quite nasty. :)

I'm using Solaris 2.6.

Scott

--
Scott Smith
scott () lackluster net
Mail received via UUCP, read with Mutt, and composed with vi on NetBSD-1.2G.
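The condition the post describes is a device node that any local user can open for writing. The script below is an added example written for this archive page, not code from the original post or from DIT: it audits the text of an `ls -l` listing for block or character devices with the "other" write bit set, so it runs offline against the two lines quoted above plus two constructed control lines. The allowlist of pseudo devices that are world-writable by design (null, zero, tty) and the 0640 target mode are assumptions; on a live Solaris box you would feed it `ls -lL` over /devices (or the /dev/dsk and /dev/rdsk links) and review the generated chmod lines before running them.

```sh
#!/bin/sh
# Added example, not from the original post: find device nodes that are
# world-writable in an `ls -l` listing, the condition the ff driver's
# /devices entries were found in.

# Constructed sample input: the two lines quoted in the post, one correctly
# protected disk node, and a pseudo device that is 0666 on purpose.
SAMPLE_LISTING='brw-rw-rw-   1 root     sys       56,  0 Jan  4 23:53 /devices/sbus@1,f8000000/esp@0,800000/ff@0,0:a,0,blk
crw-rw-rw-   1 root     sys       56,  0 Jan  4 23:53 /devices/sbus@1,f8000000/esp@0,800000/ff@0,0:a,0,raw
brw-r-----   1 root     sys       32,  0 Jan  4 23:53 /devices/sbus@1,f8000000/esp@0,800000/sd@0,0:a
crw-rw-rw-   1 root     sys       13,  2 Jan  4 23:53 /devices/pseudo/mm@0:null'

world_writable_devices() {
    # Reads `ls -l` lines on stdin and prints the path of every block (b)
    # or character (c) device whose "other" write bit (column 9 of the
    # mode string) is set.  The trailing-name allowlist (assumption: null,
    # zero, tty are 0666 by design on this system) keeps the report to
    # nodes that actually expose storage; extend it for your site.
    awk '
        substr($1, 1, 1) ~ /^[bc]$/ &&
        substr($1, 9, 1) == "w"     &&
        $NF !~ /(null|zero|tty)$/   { print $NF }
    '
}

fix_commands() {
    # Turns the findings into chmod lines for an administrator to review.
    # 0640 (root:sys) is the mode the post says the nodes should have.
    world_writable_devices | sed 's/^/chmod 0640 /'
}

count_findings() {
    # Number of offending nodes in the constructed sample (expected: 2).
    printf '%s\n' "$SAMPLE_LISTING" | world_writable_devices | wc -l | tr -d ' '
}

# Stand-alone run: print the remediation lines for the sample listing.
printf '%s\n' "$SAMPLE_LISTING" | fix_commands
```

Run against a real machine with `ls -lL /devices/... | sh audit.sh`-style input (or `find /devices -type b -o -type c | xargs ls -lL`), since `ls -l` on the /dev symlinks reports the link's mode, not the node's. Devices that turn up here are exactly the ones a non-root user can hand to tar, dd or a raw-disk editor, which is how the poster's target 0 disk and its label were overwritten.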