Bugtraq mailing list archives
Re: another /usr/dt/bin/dtappgather feature!
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Mon, 9 Nov 1998 20:44:12 +0100
The problem with DTUSERSESSION was already posted on last Feb 24; and by then, the "Solaris dtappgather patch" fixed the DTUSERSESSION but not the link (directory permissions) problem, which probably is fixed by the other patch on 2.5.x. So, at least Solaris 2.6 (sparc) with recent patches is not vulnerable.
The problem is patched with both the dtappgather and dtlogin patches to Solaris 2.5.1/2.6 (and presumably 2.5 as well). You need to apply both and restart dtlogin. I'm not sure, but you might even need to rm -rf /var/dt before restarting dtlogin, but it seems it will fix up the permissions on startup. Casper
Current thread:
- Re: another /usr/dt/bin/dtappgather feature!, (continued)
- Re: another /usr/dt/bin/dtappgather feature! Casper Dik (Nov 04)
- Possible mail spool problem signal (Nov 04)
- Re: Possible mail spool problem CyberPsychotic (Nov 05)
- Re: Possible mail spool problem Conrad Juleff (Nov 05)
- various *lame* DoS attacks Conrad Juleff (Nov 05)
- Re: various *lame* DoS attacks puppet (Nov 07)
- Sendmail DoS (was: Re: various *lame* DoS attacks) net.ikon (Nov 12)
- Possible mail spool problem signal (Nov 04)
- Re: another /usr/dt/bin/dtappgather feature! Casper Dik (Nov 04)
- Re: another /usr/dt/bin/dtappgather feature! Ben Collins (Nov 04)
- Re: another /usr/dt/bin/dtappgather feature! Scott Cromar (Nov 05)
- Re: another /usr/dt/bin/dtappgather feature! J.A. Gutierrez (Nov 06)
- Re: another /usr/dt/bin/dtappgather feature! Casper Dik (Nov 09)
- Sun Security Bulletin #00178 joshua grubman (Nov 09)
- XFree86 3.3.2's setup tool /tmp race Adrian Voinea (Nov 08)
- Secure-linux patch Ernst Jan Plugge (Nov 05)
- Re: quakeworld/win32 DoS Alexander Sanda (Nov 05)
- Re: another /usr/dt/bin/dtappgather feature! Paolo Amendola (Nov 06)