Bugtraq mailing list archives
Re: Solaris 2.3-2.4 Audit Bug
From: cklaus () shadow net (Christopher Klaus)
Date: Sun, 12 Feb 1995 17:45:08 -0500 (EST)
> I'm sorry if this has been discussed before. There is a major security problem with auditing under Solaris 2.3 and 2.4. If you run bsmconv to turn on auditing, any user can break root very very easily. I'd say more but I'd like to give Sun at least a little bit of a chance to fix it first. I have access to the source code for the OS and have tracked down the one line of bad code. How can I contact Sun to tell them the problem with this line of code?????????????

Send email to info () iss net with the following in the body of the message: send vendor for faq

This will send you the FAQ for various vendors to get in touch with. You can also email Sun at security-alert () sun com and I am sure Mark Graff can help you.

Chris
--
Christopher William Klaus
Voice: (404)441-2531. Fax: (404)441-2431
Internet Security Systems, Inc.
Computer Security Consulting
2000 Miller Court West, Norcross, GA 30071