Firewall Wizards mailing list archives

Re: Trusted Unices Aren't?


From: steve.gailey () db com
Date: Mon, 19 Oct 1998 09:16:04 +0000



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It seems that nearly nobody noticed that one of the latest
vendor-initiated bulletins for CERT (mscreen) listed SCO CMW+,
a-claimed-to-be-close-to-B2 upgrade for SCO Unix, in the list of
vulnerable systems. Said to be possible root compromise.

How can this happen? How can "a serial multiscreen utility", a program
that should have nothing like root privileges on an MLS system, be
vulnerable _that way_?

Of course if you set CMW+ up correctly then getting root is meaningless.

Stephen Gailey
Metronome Solutions Ltd
Steve.Gailey () metrosol co uk
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQA/AwUBNirz2hVK+Dgi6DDqEQKY/wCfRhybgIFpI98Hq9mEWNzrb6qW7gIAn1mN
WahkejDG4HdhYSvwK++zzlgc
=A8xT
-----END PGP SIGNATURE-----



