Full Disclosure mailing list archives
Re: [VulnWatch] Sun passwd(1) Command Vulnerability
From: "Jay D. Dyson" <jdyson () bugtraq org>
Date: Sat, 6 Mar 2004 10:33:58 -0500
Chris, The grammar of this alert has left me somewhat curious, and I was wondering if you could take a moment to clarify a few quick questions from a fan of the l0pht, such as myself. The vulnerability assessment of this is listed as MEDIUM. Also, the word may is used, instead of will. So my questions are as follows: 1) Is a bug that yields local root privilages on a widespread commercial Unix only a medium risk? 2) Was atstake unable to verify whether or not this exploitable, hence the "may be exploitable", instead of "A local unprivileged user can gain unauthorized root privileges." I often find the grammar used in security advisories and briefs to be confusing, and I'm forced to wonder if the wording is deliberate. Historically, when security companies have made claims that they could not verify, they have been dealt with in a very public, and very humilitating fashion, so I rather suspect that meticulous care is put in the phrasing without making any brash unverified statements, that could cause such embarassment to said company. Knowing you, and having the utmost respect for your views on full disclosure and the free exchange of information and ideas, I look forward to your response on this matter. As I stated earlier, I have always been a big fan of The l0pht - and further that nc.exe has forever changed my life. Incidently, to all the children out there reading the mailing lists - listening to The Crystal Method is acceptable behavior, but using crystal meth is not. Chris, I look forward to your speedy reply to this email. On Fri, Mar 05, 2004 at 11:21:28AM -0500, Chris Wysopal wrote:
O-088: Sun passwd(1) Command Vulnerability [Sun Alert ID: 57454] March 2, 2004 22:00 GMT -------------------------------------------------------------------------------- PROBLEM: The passwd command computes the hash of a password typed at run-time or the hash of each password in a list. A vulnerability exists in this command. PLATFORM: Solaris 8, 9 (SPARC and x86 Platforms) DAMAGE: A local unprivileged user may be able to gain unauthorized root privileges due to a security issue involving the passwd(1) command. SOLUTION: Install the security patch. -------------------------------------------------------------------------------- VULNERABILITY ASSESSMENT: The risk is MEDIUM. A local unprivileged user may be able to gain unauthorized root privileges. -------------------------------------------------------------------------------- LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/o-088.shtml ORIGINAL BULLETIN: Sun Alert ID: 57454 http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57454&zone_32=category%3Asecurity
-- - -Jay ( ( _______ )) )) .-"There's always time for a good cup of coffee"-. >====<--. C|~~|C|~~| (>------ Jay D. Dyson -- jdyson () bugtraq org ------<) | = |-' `--' `--' `-------- Si latinam satis simiis doces, --------' `------' `--- quandoque unus aliquid profundum dicet ---' _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: [VulnWatch] Sun passwd(1) Command Vulnerability Jay D. Dyson (Mar 06)
- <Possible follow-ups>
- Re: [VulnWatch] Sun passwd(1) Command Vulnerability Steven M. Christey (Mar 07)