Bugtraq mailing list archives
Re: Solaris 2.6, 7, 8
From: Sebastian <scut () nb in-berlin de>
Date: Fri, 4 Oct 2002 08:42:24 +0200
Hi.

On Wed, Oct 02, 2002 at 12:00:38PM -0400, buzheng wrote:

> But, the remote setting of TTYPROMPT does matter. You cannot succeed in login without remotely changing the TTYPROMPT. This is also the bug mentioned in Jonathan's original letter (bid:5531).

Which is plain wrong. This may be true for the 64 times " c" method, but in the generic case it does not matter. The second bug in login, where login walks out of a 64 (char *) array, can be exploited remotely to gain root privileges even if you cannot login as root legally and even if you do not touch TTYPROMPT at all.

> If you have applied patches for these 2 bugs, you are safe now.

And everybody should have done so since November 2001.

> -- bu,zheng <buzheng2001 () yahoo com>

ciao,
Sebastian

-- 
-. scut () nb in-berlin de -. + http://segfault.net/~scut/ `--------------------.
-' segfault.net/~scut/pgp `' 5453 AC95 1E02 FDA7 50D2 A42D 427E 6DEF 745A 8E07
`- project grasp infiltrated, phantom works falling. hi echelon! ------------'
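The kind of bounds check whose absence the message describes (a writer walking past the end of a 64-entry `char *` array), as an added illustration that is not part of the original message and is not the Solaris login source. The whitespace tokenizer, the names `split_args`, `make_line` and `parse_count`, and the sample input are all assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAXARGS 64   /* size of the pointer array named in the message */

/* Split `line` in place on whitespace and store a pointer to each token in
 * argv[]. Returns the token count, or -1 when the input holds more tokens
 * than the array has slots. The check before each store keeps the writer
 * inside the array; without it, pointers would be stored past
 * argv[slots - 1] into whatever memory follows the array. */
static int split_args(char *line, char *argv[], size_t slots)
{
    size_t n = 0;
    char *p = line;
    for (;;) {
        p += strspn(p, " \t\n");      /* skip separators */
        if (*p == '\0')
            return (int)n;            /* end of input */
        if (n >= slots)
            return -1;                /* reject instead of writing out of bounds */
        argv[n++] = p;
        p += strcspn(p, " \t\n");     /* advance to the end of this token */
        if (*p != '\0')
            *p++ = '\0';              /* terminate the token in place */
    }
}

/* Constructed input: `count` one-character tokens separated by spaces. */
static void make_line(char *buf, size_t buflen, int count)
{
    size_t off = 0;
    for (int i = 0; i < count && off + 3 < buflen; i++) {
        buf[off++] = 'a';
        buf[off++] = ' ';
    }
    buf[off] = '\0';
}

/* Parse a constructed line of `count` tokens into a MAXARGS-slot array. */
static int parse_count(int count)
{
    char line[512];
    char *argv[MAXARGS];
    make_line(line, sizeof line, count);
    return split_args(line, argv, MAXARGS);
}

int main(void)
{
    printf("64 tokens -> %d\n", parse_count(64));
    printf("65 tokens -> %d\n", parse_count(65));
    return 0;
}
```

The 65th token is refused rather than stored, so the caller sees an error instead of memory past the array being overwritten.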