Firewall Wizards mailing list archives
Re: Trusted Unices Aren't?
From: steve.gailey () db com
Date: Mon, 19 Oct 1998 09:16:04 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
It seems that nearly nobody noticed that one of latest
vendor-initiated
bulletin for CERT (mscreen) listed SCO CMW+,
a-claimed-to-be-close-to-B2
upgrade for SCO Unix, in the list of vulnerable systems. Said to be possible root compromise. How can this happen? How can "a serial multiscreen utility", a
program
that should have nothing like root privileges on an MLS system, be vulnerable _that way_?
Of course if you set CMW+ up correctly then getting root is meaningless. Stephen Gailey Metronome Solutions Ltd Steve.Gailey () metrosol co uk -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com> iQA/AwUBNirz2hVK+Dgi6DDqEQKY/wCfRhybgIFpI98Hq9mEWNzrb6qW7gIAn1mN WahkejDG4HdhYSvwK++zzlgc =A8xT -----END PGP SIGNATURE-----
Current thread:
- Trusted Unices Aren't? ark (Oct 16)
- Re: Trusted Unices Aren't? Randy Taylor (Oct 16)
- <Possible follow-ups>
- Re: Trusted Unices Aren't? steve . gailey (Oct 19)
- Re: Trusted Unices Aren't? ark (Oct 23)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Rick Smith (Oct 28)
- Re: Trusted Unices Aren't? Paul D. Robertson (Oct 29)
- Re: Trusted Unices Aren't? dreamwvr (Oct 29)
- Re: Trusted Unices Aren't? Gordon Greene (Oct 29)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- Re: Trusted Unices Aren't? Joseph S. D. Yao (Oct 27)
- Re: Trusted Unices Aren't? Jeremy Epstein (Oct 23)
- RE: Trusted Unices Aren't? Gregory Perry (Oct 28)
- Re: Trusted Unices Aren't? ark (Oct 23)