Full Disclosure mailing list archives
[kbelanger () logicon ca: [VulnWatch] vuln in login under solaris]
From: len () netsys com (Len Rose)
Date: Thu, 5 Sep 2002 19:11:56 -0400
This is bullshit. I tested this using Solaris 8 just now. I tested it with both Solaris 8 sparc and Solaris 8 intel. How can you let this pass, you're a moderated list. ----- Forwarded message from Keven Belanger <kbelanger () logicon ca> ----- Received: from vikki.vulnwatch.org ([199.233.98.101]) by netsys.com (8.11.6/8.11.6) with SMTP id g85G2CK19967 for <len () netsys com>; Thu, 5 Sep 2002 12:02:12 -0400 (EDT) Received: (qmail 24111 invoked by alias); 5 Sep 2002 16:46:11 -0000 Mailing-List: contact vulnwatch-help () vulnwatch org; run by ezmlm Precedence: bulk List-Post: <mailto:vulnwatch () vulnwatch org> List-Help: <mailto:vulnwatch-help () vulnwatch org> List-Unsubscribe: <mailto:vulnwatch-unsubscribe () vulnwatch org> List-Subscribe: <mailto:vulnwatch-subscribe () vulnwatch org> Delivered-To: mailing list vulnwatch () vulnwatch org Delivered-To: moderator for vulnwatch () vulnwatch org Received: (qmail 18991 invoked from network); 5 Sep 2002 16:18:35 -0000 X-Authentication-Warning: avd.Logicon.CA: mail set sender to <kbelanger () logicon ca> using -f X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C254F1.0C94CFE9" Date: Thu, 5 Sep 2002 11:29:39 -0400 Message-ID: <E32C9069AF5CBC44ABDDDF0D3E1C0735292143 () srv-vd-dc01 logicon ca> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: vuln in login under solaris Thread-Index: AcJU8QwqfnT+ZTzPTtm8WFZxYxpWuQ== Sensitivity: Company-Confidential From: "Keven Belanger" <kbelanger () logicon ca> To: <vulnwatch () vulnwatch org> Subject: [VulnWatch] vuln in login under solaris Name : Keven Belanger E-mail : kbelanger () logicon ca Phone / fax : (819) 825-8049 x7717 Affiliation and address: Logicon inc. 100, des Distributeurs Val-d'Or (Quebec) Canada J9P 6Y1 Have you reported this to the vendor? yes If so, please let us know whom you've contacted: Date of your report : September 05, 2002 Vendor contact e-mail : security-alert () sun com CERT have been advised too... Please describe the vulnerability. --------------------------------- Unlike other unix based OS, when Solaris authenticate the user it let the user came in even if the password is not really "correct" Let me explain: My username is sysadmin My password is qwerty If I log on with sysadmin/qwerty it work If I log on with sysadmin/qwert123 it work too! We can add any caracter after the currect password and it work!! What is the impact of this vulnerability? ---------------------------------------- (For example: local user can gain root/privileged access, intruders can create root-owned files, denial of service attack, etc.) a) What is the specific impact: User can gain root access b) How would you envision it being used in an attack scenario: User can gain root access via brute force password attack If the attacker try 8 caracter brute force attack it will for for password that have less that 8 caracter too, so it can gain root access faster. He don't have to try password with 1, 2, 3, 4... caracteres, try something beetween 8 and 10 et voila... System : SUN Solaris OS version : 8 for Sparc and intel, not tested with other version Verified/Guessed: Verified For more infoamtion/explanation call me or write a email Kéven Belanger Analyste en solutions de sécurité Logicon Inc. - Division Sécurité 819.825.8049 x7717 800.567.6399 x7717 ----- End forwarded message -----
Current thread:
- [kbelanger () logicon ca: [VulnWatch] vuln in login under solaris] Len Rose (Sep 05)
- [kbelanger () logicon ca: [VulnWatch] vuln in login under solaris] Steve (Sep 05)
- [kbelanger () logicon ca: [VulnWatch] vuln in login under solaris] Len Rose (Sep 05)
- [kbelanger () logicon ca: [VulnWatch] vuln in login under solaris] hellNbak (Sep 05)
- [kbelanger () logicon ca: [VulnWatch] vuln in login under solaris] Len Rose (Sep 05)
- [kbelanger () logicon ca: [VulnWatch] vuln in login under solaris] Steve (Sep 05)