Bugtraq mailing list archives

flaw in dmesg under Solaris

From: echo8 () HOBBITON ORG (echo8)
Date: Tue, 9 Nov 1999 13:22:01 -0600


Under all versions of Solaris prior to 2.7, and under 2.7 prior to patch
106541-07, /usr/sbin/dmesg, when called with the "-" argument, creates
/var/adm/msgbuf owned and writeable by the user who ran the utility, assuming
that the file didn't already exist (it won't until someone runs dmesg -). Once
the file exists, "dmesg -" will not work properly for any other user, and the
file remains, onwed by the user who called the utility.

Under Solaris 2.7, patch 106541-07 addresses the problem by replacing
/usr/sbin/dmesg with a shell script which breaks the functionality of the "-"
argument entirely.

Obviously, Sun is aware of the problem, but I spoke to them on 9/21/99 to
open a service order and get a bugid assigned. I've heard nothing since
then.

Current thread:

vwxploit.c unix port, (continued)
- - vwxploit.c unix port Sebastian (Nov 08)
- Windows NT Spooler Service. Avri Schneider (Nov 07)
- [w00giving '99 #2] IMAIL POP server Shok (Nov 07)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Blue Boar (Nov 07)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Jefferson Ogata (Nov 08)
- MS Outlook alert : Cuartango Active Setup Elias Levy (Nov 08)
  - BigIP - bigconf.cgi holes Guy Cohen (Jun 13)
  - Re: MS Outlook alert : Cuartango Active Setup David LeBlanc (Nov 08)
  - Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions Mark (Nov 08)
    - Insecure handling of NetSol maintainer passwords jlewis () LEWIS ORG (Nov 08)
    - flaw in dmesg under Solaris echo8 (Nov 09)
    - Re: Insecure handling of NetSol maintainer passwords Jefferson Ogata (Nov 09)
    - Re: Insecure handling of NetSol maintainer passwords pedward () WEBCOM COM (Nov 10)
    - Re: Insecure handling of NetSol maintainer passwords Trevor Schroeder (Nov 10)
    - networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords) Jefferson Ogata (Nov 10)
    - [Cobalt] Security Advisory - cgiwrap Jeff Bilicki (Nov 09)
    - Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions Andy Helsby (Nov 09)
  - Remote DoS Attack in TransSoft's Broker Ftp Server v3.5 Vulnerability Ussr Labs (Nov 08)
  - FreeBSD 3.3's seyon vulnerability Brock Tellier (Nov 08)
    - Re: FreeBSD 3.3's seyon vulnerability Bill Fumerola (Nov 09)
  - Re: MS Outlook alert : Cuartango Active Setup Bronek Kozicki (Nov 09)

(Thread continues...)