|
Bugtraq
mailing list archives
Re: Security Info (root broken)
From: mark () netsys com (Mark)
Date: Sat, 8 Oct 1994 13:33:21 -0700 (PDT)
>> This was a new
>> install, and it lasted about 4 days. One person heard thru the cracker
>> grapvine that root was broken thru /bin/mail.
P> Did you happen to install the following, in particular 101436-02?
P> Solaris 1.1.1 Patches Containing Security Fixes:
P> ------------------------------------------------
P> 101436-02 SunOS 4.1.3_U1: bin/mail jumbo patch
This is the patch which made the race condition *easier* to exploit
than it was in the unpatched version.
I dont know about you guys but having used and proved all of the binmail
exploit scripts the quick and dirty fix for them is put this in rc.local:
/bin/touch /usr/spool/mail/root
/bin/touch /usr/spool/mail/sysdiag
/bin/touch /usr/spool/mail/sundiag
/bin/touch /usr/spool/mail/[any other uid 0 acct]
It closes the need-a-root-owned-mbox problem. There are other additions
for rc.local to close more bugs, but lets wait the usual six months :)
Cheers,
Mark
 By Date 
By Thread
Current thread:
- Re: Security Info (root broken) Mark (Oct 08)
| 
Intro
