Bugtraq mailing list archives
Re: Solaris 2.6, 7, 8
From: Marco Ivaldi <raptor () 0xdeadbeef eu org>
Date: Wed, 2 Oct 2002 21:42:04 +0200 (CEST)
On Wed, 2 Oct 2002, buzheng wrote:

> I do not think this is a new bug.

I completely agree.

> But, the remote setting of TTYPROMPT does matter. You cannot succeed in login without remotely changing the TTYPROMPT. This is also the bug mentioned in Jonathan's original letter (bid:5531).

That's why this bug is not exploitable using remote applications like rlogin, ssh (at least if you are not crazy enough to enable the UseLogin option) or X.25 pad: rlogin and pad aren't able to pass env vars other than TERM, while ssh normally doesn't use /bin/login for user authentication.

> If you have applied patches for these 2 bugs, you are safe now. BTW: you can change multiple "c "s to "a=b"s, actually; since SYS V login treats " " as an environ var separator, you can also use >=64 words separated by " " or "\t". They will all work.

Agreed as well.

:raptor
Antifork Research, Inc.
ITBH Italian Black Hats
http://www.0xdeadbeef.eu.org
http://elite.blackhats.it
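A detection-side illustration of the point about remotely set environment variables, as an added example that is not part of the original post: it parses Telnet NEW-ENVIRON subnegotiations (RFC 1572) from a captured client byte stream and reports any variable other than TERM, such as TTYPROMPT. The Telnet transport, the `ALLOWED` allowlist, the function names and the sample bytes are assumptions made for this example.

```python
# Added example: flag non-allowlisted Telnet NEW-ENVIRON variables (RFC 1572).
IAC, SB, SE, NEW_ENVIRON = 255, 250, 240, 39
IS, INFO, VAR, VALUE, ESC, USERVAR = 0, 2, 0, 1, 2, 3
ALLOWED = {"TERM"}  # assumption: the only variable this site expects

def subnegotiations(stream):
    """Yield (option, payload) for each terminated IAC SB <opt> ... IAC SE."""
    i, n = 0, len(stream)
    while i + 2 < n:
        if stream[i] != IAC:
            i += 1
        elif stream[i + 1] != SB:
            i += 3 if 251 <= stream[i + 1] <= 254 else 2  # WILL/WONT/DO/DONT + option
        else:
            opt, j, payload = stream[i + 2], i + 3, bytearray()
            while j + 1 < n and not (stream[j] == IAC and stream[j + 1] == SE):
                if stream[j] == IAC:      # IAC IAC encodes a literal 0xFF
                    j += 1
                payload.append(stream[j])
                j += 1
            if j + 1 < n:                 # ignore blocks that never close
                yield opt, bytes(payload)
            i = j + 2

def parse_environ(payload):
    """Return [(name, value_or_None)] from a NEW-ENVIRON IS/INFO payload."""
    pairs, slot, k = [], 0, 1
    if payload[:1] not in (bytes([IS]), bytes([INFO])):
        return pairs
    while k < len(payload):
        b = payload[k]
        if b in (VAR, USERVAR):           # start of a new variable name
            pairs.append(["", None])
            slot = 0
        elif b == VALUE and pairs:        # start of that variable's value
            pairs[-1][1], slot = "", 1
        elif pairs:
            if b == ESC and k + 1 < len(payload):   # ESC: next byte is literal
                k += 1
            pairs[-1][slot] += chr(payload[k])
        k += 1
    return [tuple(p) for p in pairs]

def suspicious_vars(stream, allowed=ALLOWED):
    """List (name, value) pairs whose name is not on the allowlist."""
    return [(name, val) for opt, payload in subnegotiations(stream)
            if opt == NEW_ENVIRON
            for name, val in parse_environ(payload) if name.upper() not in allowed]

SAMPLE = (bytes([IAC, SB, NEW_ENVIRON, IS, VAR]) + b"TERM\x01vt100"
          + b"\x03TTYPROMPT\x01x" + bytes([IAC, SE]))  # constructed capture
```

Calling `suspicious_vars(SAMPLE)` reports the TTYPROMPT pair and ignores TERM; a sensor would run it over the client-to-server half of each session.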