



Bugtraq mailing list archives

Re: Solaris 2.5.1 party piece
From: Wolfram.Schmidt () IAO FHG DE (Wolfram Schmidt)
Date: Fri, 20 Jun 1997 04:10:17 +0200


Some weeks ago I was given a test patch which fixes the problem. Let's see
how long it takes to build the final version.

-Wolfram



On Jun 19, 20:47, Alan Cox wrote:
Subject: Solaris 2.5.1 party piece
]  Well CERT have had this for a year, AUSCERT for a couple of weeks and
] now it's time bugtraq had it
]
] cc solarisuck.c -o solarisuck -lsocket
] rsh localhost ./solarisuck
[...]
] You can adjust this to do other things. Basically any user can do network control
] requests on a root created socket descriptor.
]
]
] Workarounds:
]  1.  Disable rsh and any non root owned inetd tasks -  breaks remote tar etc
]  2.  Run an OS that the vendor doesn't take a year to fix bugs in
]
]  I have the original emails from Sun folks (Casper Dik, Alec Muffett and co)
]  to prove Sun have sat on this for ages.
]
]  Alan
-- End of excerpt from Alan Cox



--
Email: Wolfram.Schmidt () iao fhg de
Voice: +49 711 970 2431
Fax: +49 711 970 2401
Office: Fraunhofer IAO, Holzgartenstr. 17, 70174 Stuttgart, Germany


