Bugtraq mailing list archives
Re: Solaris patchadd(1) (3) symlink vulnerability
From: "Juergen P. Meier" <jpm () class de>
Date: Thu, 21 Dec 2000 12:09:31 +0100
On Thu, Dec 21, 2000 at 09:13:29AM +1100, Paul Szabo wrote:
> Juergen P. Meier <jpm () class de> wrote:
>
> > Solaris /usr/sbin/patchadd is a /bin/ksh script.
> > The problem lies in the vulnerability of ksh.
>
> Damn: thus it would seem that not only sh, but also ksh is vulnerable!

seems so :(

> > However: Sun Microsystems does recommend to only install patches
> > at single-user mode (runlevel S). ...
> > ... if you follow the vendor's recommendations, you are not vulnerable.
>
> The attacker can create the symlinks before you go single-user. As the
> original poster Jonathan Fortin <jfortin () REVELEX COM> said:
>
> > Only solution is to rm -rf /tmp/* /tmp/.* [and] make sure no users are on
>
> Paul Szabo - psz () maths usyd edu au http://www.maths.usyd.edu.au:8000/u/psz/
> School of Mathematics and Statistics University of Sydney 2006 Australia

I do indeed stand corrected:

The only 2 solutions are:
1) change to single user mode by means of init S and rm -rf /tmp/* /tmp/.*
2) shutdown and boot -s into single user mode.

you should do this at least once (when sun releases the shell-patches ;)

have a nice day,

Juergen

--
Juergen P. Meier email: jpm () class de
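
A pre-flight check for the situation discussed in this message, as an added example that is not part of the original post: it lists symlinks under /tmp that are not owned by a trusted uid and refuses to start patchadd while any exist. The function names `audit_tmp_symlinks` and `guarded_patchadd` are hypothetical, and a POSIX `find` with `-exec ... +` is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# audit_tmp_symlinks [DIR] [TRUSTED_UID]
# Prints an `ls -ld` line for every symlink under DIR that is NOT owned by
# TRUSTED_UID (default: 0, root). Returns 1 if any were found, 0 if clean.
audit_tmp_symlinks() {
    dir=${1:-/tmp}
    trusted=${2:-0}

    # -type l matches the link itself, so nothing is followed.
    # -xdev stays on one filesystem. find also descends into dot-names,
    # which is why the thread's cleanup covers both /tmp/* and /tmp/.*
    hits=$(find "$dir" -xdev -type l ! -user "$trusted" \
               -exec ls -ld {} + 2>/dev/null)

    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# guarded_patchadd ARGS...
# Runs patchadd only when /tmp holds no symlinks planted by non-root users.
# Meant to be run after reaching single-user mode: links created while the
# system was still multi-user are exactly what this check looks for.
guarded_patchadd() {
    if ! audit_tmp_symlinks /tmp 0; then
        echo "refusing to run patchadd: non-root symlinks present in /tmp" >&2
        return 1
    fi
    patchadd "$@"
}
```

The check is only meaningful once no other users can write to /tmp, since a link created after the audit and before patchadd runs would not be seen.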