Bugtraq mailing list archives
Re: Solaris patchadd(1) (3) symlink vulnerabilty
From: Dan Harkless <dan-bugtraq () DILVISH SPEED NET>
Date: Tue, 19 Dec 2000 17:55:48 -0800
Paul Szabo <psz () MATHS USYD EDU AU> writes:
Jonathan Fortin <jfortin () REVELEX COM> wrote:When patchadd is executed, It creates a temporary file called "/tmp/sh<pidofpatchadd>.1" , "/tmp/sh<pidofpatchadd>.2 , "/tmp/sh<pidofpatchadd>.3 and assigns them mode 666 ...I guess that patchadd is a "sh" script using the "<<" construct, this being an instance of the bug I reported recently: http://www.securityfocus.com/templates/archive.pike?list=1&msg=200011230225.NAA19716 () milan maths usyd edu au This is essentially the same as the tcsh bug fixed recently in other OSs.
Speaking of which, I wonder if Sun has any plans to upgrade the tcsh 6.09.00 they provide with Solaris 8 to fix the << vulnerability. Based on a grep of the Dec 17 Solaris8.PatchReport, they still haven't gotten with the program and fixed tcsh like the other vendors did some time ago. ---------------------------------------------------------------------- Dan Harkless | To prevent SPAM contamination, please dan-bugtraq () dilvish speed net | do not mention this private email SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
Current thread:
- Solaris patchadd(1) (3) symlink vulnerabilty Jonathan Fortin (Dec 18)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Matthew Potter (Dec 20)
- <Possible follow-ups>
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Szabo (Dec 19)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Dan Harkless (Dec 20)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 20)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juan M. Courcoul (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Cy Schubert - ITSD Open Systems Group (Dec 22)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Szabo (Dec 20)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Peter W (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 22)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juan M. Courcoul (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Theodoropoulos (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Peter W (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Jonathan Fortin (Dec 21)