Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_3

Bugtraq archives for 3rd quarter (Jul-Aug) 1995: Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

Brian Perkins (bperkinsNETSPACE.ORG)
Tue, 15 Aug 1995 18:32:53 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Adam Prato: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
Previous message: Sam Quigley: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
In reply to: Adam Prato: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
Next in thread: Sam Quigley: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"

I found that the program would not work if I tried to put the root shell in
my home dir, which was mounted via NFS.  I tried fo half an hour.
If I tried moving it to /tmp, it worked within a minute, a couple of times.

Is there a /proc based ps? It seems to me that this would be a better fix.

> I haven't been able to get this to work. It seems that /usr/bin/ps does not
> create any files in /tmp. I had two windows open, one doing a while true ; do
> ls /tmp ; sleep 1 ; done. And the other trying this exploit. A ps.* file is
> never created (rather no files are created in /tmp). I accidentally left the
> exploit running all night and it still didn't work. /usr/ucb/ps however does
> create a ps_data file, but it doesnt seem to be changed by psrace.

--

Brian Perkins                               bperkinsnetspace.org

Next message: Adam Prato: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
Previous message: Sam Quigley: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
In reply to: Adam Prato: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
Next in thread: Sam Quigley: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"