Bugtraq mailing list archives
Re: Security Info (root broken)
From: karl () bagpuss demon co uk (Karl Strickland)
Date: Thu, 29 Sep 1994 21:11:18 +0100 (BST)
On Thu, 29 Sep 1994 07:04:44 -0600 (CDT), Pug <pug () arlut utexas edu> said:>> This was a new >> install, and it lasted about 4 days. One person heard thru the cracker >> grapvine that root was broken thru /bin/mail. P> Did you happen to install the following, in particular 101436-02? P> Solaris 1.1.1 Patches Containing Security Fixes: P> ------------------------------------------------ P> 101436-02 SunOS 4.1.3_U1: bin/mail jumbo patch This is the patch which made the race condition *easier* to exploit than it was in the unpatched version.As I remember the race condition, you don't have a problem if you don't allow the 'r' commands into your system. The race condition created a
Sorry, this is bollocks. Its nothing to do with 'r' commands - it just happened that the exploit script used .rhosts & rsh or whatever to demonstrate the problem. The problem is that files can be created/modified anywhere in the filesystem. If you want more info, grab the original advisories from the fileserver. Heres the info: ANNOUNCING THE [8LGM] FILESERVER & MAILING LIST INFO FILESERVER: After getting flooded with requests for advisories, we've setup a fileserver to try and make things a bit easier. Unfortunately, we're not currently in a position to be able to offer or maintain an FTP site. (Thanks to those who offered us some space on their systems though!) To access the fileserver, send a message to 8lgm-fileserver () bagpuss demon co uk Eg: $ echo help | mail 8lgm-fileserver () bagpuss demon co uk The help file is included at the end of this message. We anticipate a large number of mails to this server, hence its mail is being processed on another mailqueue, which will be flushed when the load on the system is low. (bagpuss.demon.co.uk is just a PC - albeit a wonderful one - with an already heavy load). Replies will often take 24 hours, and sometimes up to 48 hours, but this will still be quicker than we were able to reply to the requests by hand. People asking for ../../../../../../../../etc/passwd will be frowned upon :-) MAILING LIST: A reminder for those not on our mailing list. The mailing list is only used for mailing advisories, there is no 'junk mail' (except this one :-)). To get on it, send mail to: 8lgm-request () bagpuss demon co uk Mail to this address is processed automatically, and you wont usually get a reply - but wherever you mail from *will* be added to the list. If you need an address adding to the list which you cannot mail from, send mail to 8lgm () bagpuss demon co uk, and we'll add it manually. ----------------------------------------------------------------------------- Here is the help file from the server: The [8lgm]-Fileserver recognises the following commands: HELP (gets you this file) LIST (lists files available) SEND filename (sends filename) QUIT Commands must be sent in the message body to 8lgm-fileserver () bagpuss demon co uk (Commands sent in the Subject: line are ignored). Multiple commands can be sent in one message. The * wildcard is understood in filename. A typical request might be: list send * quit If you have any problems, please mail to 8lgm () bagpuss demon co uk. ------------------------------------------------------------------------------ A list of files currently available: [8lgm]-Advisory-1.UNIX.rdist.23-Apr-1991 [8lgm]-Advisory-2.UNIX.autoreply.12-Jul-1991 [8lgm]-Advisory-3.UNIX.lpr.19-Aug-1991 [8lgm]-Advisory-4.UNIX.gopher.12-Feb-1992 [8lgm]-Advisory-5.UNIX.mail.24-Jan-1992 [8lgm]-Advisory-5.UNIX.mail.24-Jan-1992.PATCH [8lgm]-Advisory-6.UNIX.mail2.2-May-1994 [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 [8lgm]-Advisory-7.UNIX.passwd.11-May-1994.NEWFIX [8lgm]-Advisory-Introduction
Current thread:
- Re: Security Info (root broken), (continued)
- Re: Security Info (root broken) Perry E. Metzger (Sep 28)
- Re: Security Info (root broken) pluvius (Sep 28)
- Re: Security Info (root broken) Charles R. Hoynowski (Sep 29)
- Re: Security Info (root broken) Christopher Klaus (Sep 28)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) John Ladwig (Sep 29)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) Casper Dik (Sep 29)
- Re: Security Info (root broken) Timothy Newsham (Sep 29)
- Old sendmail bugs Michael Neuman (Sep 29)
- Re: Security Info (root broken) Karl Strickland (Sep 29)
- Re: Security Info (root broken) Christopher Klaus (Sep 29)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) Neil Woods (Sep 29)
- IBM AIX rlogin fix jim () Tadpole COM (Sep 28)
- security problem w/ smail james w abendschan (Sep 27)