Re: Beer & talk at Usenix Security Symposium
Alexander L. Haiut (alx CS.bgu.ac.il)
Sat, 3 Jun 1995 03:10:43 +0200 (GMT+0200)
- In reply to: Paul: "Beer & talk at Usenix Security Symposium"
> Obbug: I have noticed this on SunOS 4.1.3 running X11R5 and
> motif 1.2.3. Anyone can get limited (possibly more) access to the
> system if:
> -There is a ".xsession" file that is world readable in the root "/"
> directory (i.e. 644 as usual)
> -Sync account is left with default passwd entry of
> "sync::5:1:/:/bin/csh" (i.e. Which is the Sun install default)

If my memory serves me well, the SunOS 4.1.x default passwd entry for sync
is: "sync::1:1::/:/bin/sync". Am I wrong?
Sure, this should be fixed because of things you show and the LD_LIBRARY_PATH
bug.
.xsession exploit is fine, but I've never seen .xsession file in root
directory.. :)

Thanks!
--alex.

--
Alexander L. Haiut +971-7-461658
Math & CS System group alxcs.bgu.ac.il
Ben-Gurion University, Israel http://www.cs.bgu.ac.il/~alx/
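An added example, not part of the original message: a small audit of passwd-format lines that flags accounts with an empty password field and separates entries that get a login shell from those whose shell is a run-and-exit program such as /bin/sync. The two sync entries are the ones quoted in the thread; the other sample lines, the severity labels and the NON_INTERACTIVE list are assumptions.

```python
# Added example: audit passwd(5)-format lines for accounts with no password.

# Assumption: programs that run one command and exit instead of giving a shell.
NON_INTERACTIVE = {"/bin/sync", "/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Lines 2 and 3 are the two sync entries quoted in the thread;
# lines 1 and 4 are constructed for illustration.
SAMPLE = """\
root:x:0:1:Operator:/:/bin/csh
sync::5:1:/:/bin/csh
sync::1:1::/:/bin/sync
guest::100:100:constructed entry:/home/guest:
"""

def audit_passwd(text):
    """Return a list of (line_no, account, severity, reason) findings."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line[0] in "+-":
            continue  # blank line, comment, or NIS compat entry
        fields = line.split(":")
        name = fields[0]
        if len(fields) != 7:
            # Report it, but keep auditing: a short line can still be risky.
            findings.append((no, name, "malformed",
                             f"{len(fields)} fields, expected 7"))
        if len(fields) < 2 or fields[1] != "":
            continue  # password field is populated (hash, 'x', '*', ...)
        # The shell is the last field; empty means the system default shell.
        shell = fields[-1] if len(fields) >= 6 else ""
        if shell in NON_INTERACTIVE:
            # Still worth locking, as the reply says, but no shell is handed out.
            findings.append((no, name, "low",
                             f"empty password, shell {shell} runs and exits"))
        else:
            findings.append((no, name, "high",
                             f"empty password with login shell {shell or '(default)'}"))
    return findings

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE):
        print("line %d: %s [%s] %s" % finding)
```

The first quoted entry has only six colon-separated fields, so it is reported as malformed as well as high severity.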