Bugtraq archives for 3rd quarter (Jul-Aug) 1995: Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

Dan Thorson (Dan_Thorsonnotes.seagate.com)
Tue, 15 Aug 1995 15:58:48 EDT

Michael said:
> I tried this attack on /usr/bin/ps and /usr/ucb/ps, and it
> works on both of them.  This makes me think that more than
> just solaris 2.x machines are vulnerable (depending on the
> /tmp sticky bit).

I did a little poking around myself.  SunOS 4.x's "ps":
 isn't suid root
 doesn't open any file in /tmp
 and even if it did, /tmp has the sticky bit set

So only SunOS 5.x seems involved insofar as SunOS is concerned.

I checked my HP's, and their ps is also not suid root, so they
should be safe.

True?

dct
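
An added example, not part of the original message or thread: a POSIX shell audit of the two file-mode conditions the message lists (a setuid root program, and a temp directory that is world-writable without the sticky bit). The function names are hypothetical, and whether the program actually opens files in that directory is not checked here.

```shell
#!/bin/sh
# Added example: audits the file-mode conditions named in the message above.
# It does not check whether the program opens files in the directory.

# True if $1 is a regular file with the setuid bit set, owned by uid $2
# (default 0 = root). -H resolves a symlink given on the command line.
is_setuid_owned_by() {
    [ -n "$(find -H "$1" -prune -type f -user "${2:-0}" -perm -4000 -print 2>/dev/null)" ]
}

# True if directory $1 is world-writable and lacks the sticky bit.
is_unprotected_tmp() {
    [ -n "$(find -H "$1" -prune -type d -perm -0002 ! -perm -1000 -print 2>/dev/null)" ]
}

# Prints one verdict line for a program / temp-directory pair.
# $3 is the owner uid to test for (default 0 = root).
audit_pair() {
    prog=$1 dir=$2 owner=${3:-0}
    if ! is_setuid_owned_by "$prog" "$owner"; then
        echo "ok: $prog is missing or not setuid with owner uid $owner"
    elif ! is_unprotected_tmp "$dir"; then
        echo "ok: $dir is sticky or not world-writable"
    else
        echo "review: $prog is setuid (uid $owner) and $dir is world-writable without the sticky bit"
    fi
}

# Run over the two paths named in the thread; absent paths report "ok".
for p in /usr/bin/ps /usr/ucb/ps; do
    audit_pair "$p" /tmp
done
```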