Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: Possible SunOS 5.5.1 sulogin vulnerability

Re: Possible SunOS 5.5.1 sulogin vulnerability

From: Doug Hughes <Doug.Hughes_at_ENG.AUBURN.EDU>
Date: Fri, 15 Nov 1996 17:26:50 -0600

>Possible hole in sulogin here? Under Solaris 2.5.1 (sparc & x86),
>executing /sbin/sulogin from an unprivileged user account dumps you
>into what appears to be single-user mode with an ugly warning message
>without prompting for the root password. You don't find this with
>earlier versions of Solaris (2.5 and lower).
>
>________________________________________________________________
>
>sol251% /sbin/sulogin
>
>*** NO ENTRY FOR root IN PASSWORD FILE! ***
>
>Entering System Maintenance Mode
>
>$
>
>________________________________________________________________
>
>sol25% /sbin/sulogin
>
>Type Ctrl-d to proceed with normal startup,
>(or give root password for system maintenance):

Yeah, but you're still yourself (id = your ID). I think that the only
real harm is that your prompt is changed. Basically, you get dumped
into a Bourne shell with a confusing warning. 

--
____________________________________________________________________________
Doug Hughes                                     Engineering Network Services
System/Net Admin                                Auburn University
                        doug_at_eng.auburn.edu
Received on Nov 16 1996
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos