Re: Looking for Info

[Pete Rotheroe <protheroe () paladintek com>]

John,

There is a known buffer overflow in Solaris (pre 8) which would affect 2.6.

See advisory 12/12/01

CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login

for more details.    

Supposedly this vulnerability provides remote root access when correctly 
exploited.

I believe Sun provided patches for this issue shortly after the advisory 
was issued.

Pete Rotheroe
Paladin Technologies, Inc.

Rovert John F DLVA wrote:

> Greetings
>
> I have, what I hope is a simple question.
>
> We are running PVCS Dimensions 6.0 SP2
> from Merant.
>
> I am currently embroiled in a rather heated
> discussion with management about possible
> user threats to the above package.
>
> Does anyone have any experience pen-testing 
> this, or know of any attacks that may
> allow root access to the underlying system?
>
> The above is on a Sun Ultra Enterprise 
> running Solaris 5.6
>
> Thanks in advance for any information
>
> John F. Rovert
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/