Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1994: Re: Security Info (root broken)

Re: Security Info (root broken)

John Ladwig (jladwigsoils.umn.edu)
Thu, 29 Sep 1994 07:35:56 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Pug: "Re: Security Info (root broken)"
Previous message: Pug: "Re: Security Info (root broken)"
In reply to: Pug: "Re: Security Info (root broken)"
Next in thread: Pug: "Re: Security Info (root broken)"

>>>>> On Thu, 29 Sep 1994 07:04:44 -0600 (CDT), Pug <pugarlut.utexas.edu> said:

    >> This was a new
    >> install, and it lasted about 4 days.   One person heard thru the cracker
    >> grapvine that root was broken thru /bin/mail.

    P> Did you happen to install the following, in particular 101436-02?

    P> Solaris 1.1.1 Patches Containing Security Fixes:
    P> ------------------------------------------------

    P> 101436-02   SunOS 4.1.3_U1: bin/mail jumbo patch

This is the patch which made the race condition *easier* to exploit
than it was in the unpatched version.

    -jml

Next message: Pug: "Re: Security Info (root broken)"
Previous message: Pug: "Re: Security Info (root broken)"
In reply to: Pug: "Re: Security Info (root broken)"
Next in thread: Pug: "Re: Security Info (root broken)"