Bugtraq mailing list archives

Re: Solaris 2.6, 7, 8
From: Sebastian <scut () nb in-berlin de>
Date: Fri, 4 Oct 2002 08:42:24 +0200


Hi.


On Wed, Oct 02, 2002 at 12:00:38PM -0400, buzheng wrote:

> But, the remote setting of TTYPROMPT does matter. You cannot succeed in
> login without remotely changing the TTYPROMPT. This is also the bug
> mentioned in Jonathan's original letter (bid:5531).
 
Which is plain wrong. This may be true for the 64 times " c" method, but in
the generic case it does not matter.

The second bug in login, where login walks out of a 64 (char *) array can be
exploited remotely to gain root privileges even if you cannot login as root
legally and even if you do not touch TTYPROMPT at all.


> If you have applied patches for these 2 bugs, you are safe now.
 
And everybody should have done so since November 2001.


> -- 
> bu,zheng <buzheng2001 () yahoo com>
 
ciao,
Sebastian

-- 
-. scut () nb in-berlin de -. + http://segfault.net/~scut/ `--------------------.
-' segfault.net/~scut/pgp `' 5453 AC95 1E02 FDA7 50D2 A42D 427E 6DEF 745A 8E07
`- project grasp infiltrated, phantom works falling. hi echelon! ------------'

