Bugtraq mailing list archives

Re: IRIX 5.3 chost

From: nickless () MCS ANL GOV (Bill Nickless)
Date: Mon, 12 Aug 1996 18:47:52 -0500

I just installed patch 1096 on a 5.3 system here and I am still able to
get in through the chost security hole.  So I'm pretty sure the patch
doesn't plug the hole.


Interesting.  I tried again on another 5.3 system and still couldn't get
the exploit to work.

Did you follow these steps in the patch release notes before trying the
exploit again?

         5.  To start running the objectserver software installed
             by this patch, objectserver needs to be restarted.
             This can be done by giving the following commands:
             /etc/init.d/cadmin stop; /etc/init.d/cadmin clean;
             /etc/init.d/cadmin start
--
Bill Nickless            nickless () mcs anl gov           +1 630 252 7390

Current thread:

Re: Tracking tools?, (continued)
- - - Re: Tracking tools? neill (Aug 15)
    - Re: Tracking tools? Tracy R. Reed (Aug 15)
    - SGI Security Advisory 19960801-01-PX, SGI Security Coordinator (Aug 17)
    - CERT Advisory CA-96.19 - Vulnerability in expreserve Pete Ashdown (Aug 15)
    - Re: CERT Advisory CA-96.19 - Vulnerability in expreserve Casper Dik (Aug 18)
    - Re: Tracking tools? Greg Miller (Aug 15)
    - Re: mail storm Valdis.Kletnieks () vt edu (Aug 13)
    - Re: mail storm Darrell Fuhriman (Aug 13)
    - Re: mail storm Ed Arnold (Aug 14)
    - list mail meta-question der Mouse (Aug 13)
- Re: IRIX 5.3 chost Bill Nickless (Aug 12)
- Re: IRIX 5.3 chost Vern Hart (Aug 12)
- Re: IRIX 5.3 chost Bill Nickless (Aug 12)
- Re: IRIX 5.3 chost Bill Nickless (Aug 13)
- Re: IRIX 5.3 chost Bill Nickless (Aug 14)
  - Re: IRIX 5.3 chost Neil J Long (Aug 16)
  - Live playback of tcpdump data Ficus Kirkpatrick (Aug 17)
    - Re: Live playback of tcpdump data pc (Aug 18)