Bugtraq mailing list archives

Re: Solaris 2.6, 7, 8
From: Sebastian <scut () nb in-berlin de>
Date: Fri, 4 Oct 2002 08:42:24 +0200


On Wed, Oct 02, 2002 at 12:00:38PM -0400, buzheng wrote:

> But, the remote setting of TTYPROMPT does matter. You can not succeed in
> login without remotely changing the TTYPROMPT. This is also the bug
> mentioned in Jonathan's original letter (bid:5531).

Which is plain wrong. This may be true for the 64 times " c" method, but in
the generic case it does not matter.

The second bug in login, where login walks out of a 64 (char *) array can be
exploited remotely to gain root privileges even if you cannot login as root
legally and even if you do not touch TTYPROMPT at all.

> If you have applied patches for these 2 bugs, you are safe now.

And everybody should have done so since November 2001.

> bu,zheng <buzheng2001 () yahoo com>

-. scut () nb in-berlin de -. + http://segfault.net/~scut/ `--------------------.
-' segfault.net/~scut/pgp `' 5453 AC95 1E02 FDA7 50D2 A42D 427E 6DEF 745A 8E07
`- project grasp infiltrated, phantom works falling. hi echelon! ------------'
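
An added illustration, not part of the message above and not Solaris login source: the bug class the message describes is code that stores one pointer per input token into a fixed 64-entry (char *) array without checking the index. The tokenizer below refuses the 65th token instead of writing past the array. The names split_args and run_case, the separator set, and the sample inputs are assumptions constructed for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define MAXARGS 64   /* array size named in the message */

/* Split `line` in place on spaces/tabs and store token pointers in args[].
 * Returns the token count, or -1 if the input holds more than MAXARGS
 * tokens. Nothing is ever written at or past args[MAXARGS]. */
int split_args(char *line, char *args[MAXARGS])
{
    int n = 0;
    char *p = line;

    while (*p != '\0') {
        p += strspn(p, " \t");      /* skip separators */
        if (*p == '\0')
            break;
        if (n == MAXARGS)           /* 65th token: reject, do not store */
            return -1;
        args[n++] = p;
        p += strcspn(p, " \t");     /* advance to the end of the token */
        if (*p != '\0')
            *p++ = '\0';            /* terminate the token */
    }
    return n;
}

/* Constructed input: k one-letter tokens ("a a a ..."). Returns the
 * split_args() result, -2 if the guard slot placed directly after the
 * array was modified, or -3 if k does not fit the local buffer. */
int run_case(int k)
{
    char line[512];
    struct { char *args[MAXARGS]; char *guard; } s;
    size_t off = 0;

    if (k < 0 || (size_t)k * 2 >= sizeof line)
        return -3;
    for (int i = 0; i < k; i++) { line[off++] = 'a'; line[off++] = ' '; }
    line[off] = '\0';
    s.guard = NULL;
    int n = split_args(line, s.args);
    return s.guard == NULL ? n : -2;
}

int main(void)
{
    printf("64 tokens -> %d, 65 tokens -> %d\n", run_case(64), run_case(65));
    return 0;
}
```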
