Bugtraq mailing list archives
Re: Solaris patchadd(1) (3) symlink vulnerabilty
From: "Juan M. Courcoul" <courcoul () CAMPUS QRO ITESM MX>
Date: Wed, 20 Dec 2000 23:34:20 -0600
Paul Szabo wrote:
Juergen P. Meier <jpm () class de> wrote:Solaris /usr/sbin/patchadd is a /bin/ksh script. The problem lies in the vulnerability of ksh.Damn: thus it would seem that not only sh, but also ksh is vulnerable!However: Sun Microsystems does recommend to only install patches at single-user mode (runlevel S). ... ... if you follow the Vendors recommendations, you are not vulnerable.The attacker can create the symlinks before you go single-user. As the original poster Jonathan Fortin <jfortin () REVELEX COM> said:Only solution is to rm -rf /tmp/* /tmp/.* [and] make sure no users are on
Unless you changed the way Solaris does things, my recommendation to shut the machine down, start it up with 'boot -s' and then patch takes care of this. By default Solaris maps /tmp onto the paging area (meaning there is no physical /tmp partition), so everytime the machine restarts you get a sparking clean /tmp, with no residues from its previous life. Volia ! No symlinks... J. Courcoul
Current thread:
- Solaris patchadd(1) (3) symlink vulnerabilty Jonathan Fortin (Dec 18)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Matthew Potter (Dec 20)
- <Possible follow-ups>
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Szabo (Dec 19)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Dan Harkless (Dec 20)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 20)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juan M. Courcoul (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Cy Schubert - ITSD Open Systems Group (Dec 22)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Szabo (Dec 20)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Peter W (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 22)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juan M. Courcoul (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Theodoropoulos (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Peter W (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Jonathan Fortin (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Neulinger, Nathan R. (Dec 21)