Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Solaris /usr/bin/cu Vulnerability
From: Casper Dik <Casper.Dik () HOLLAND SUN COM>
Date: Fri, 19 Jan 2001 17:46:40 +0100

If i look at the output of find / -user uucp -xdev -ls on a freshly
installed and patched solaris7, this seems enough for me to r00t
the box.
# find / -user uucp -xdev -ls
188616   55 -rws--x--x  1 uucp     bin         56240 Jan  9 06:39 /usr/bin/tip
188741    8 -r-xr-xr-x  1 uucp     uucp         8188 Sep  1  1998 /usr/bin/uudecode
188742    8 -r-xr-xr-x  1 uucp     uucp         7224 Sep  1  1998 /usr/bin/uuencode
123841    0 -rw-------  1 uucp     bin             0 Jan 17 15:54 /var/adm/aculog
300661    1 drwxr-xr-x  2 uucp     uucp          512 Jan 19 08:28 /var/spool/locks
276741    0 crw-------  1 uucp     uucp      29,131072 Jan 17 16:16 /devices/sbus () 1f,0/zs () f,110000
0:a,cu
276742    0 crw-------  1 uucp     uucp      29,131073 Jan 17 16:16 /devices/sbus () 1f,0/zs () f,110000
0:b,cu
(the 2 devices are /dev/term/a and /dev/term/b ...)

In Solaris 8 we have changed the ownership of the binaries to root,
except those that are set-uid uucp.

Uucp configuration and tip are still uucp owned.


Casper


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]