Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

rootiifeak.swan.ac.uk

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Arve Kjoelen: "BUGTRAQ ALERT: Solaris 2.x"
• Previous message: David Rukshin: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
• In reply to: Casper Dik: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
• Next in thread: Darren Reed: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"

> Just to add my two cents to the discussion:
>         - this is a known problem

So why wasn't it more publically announced. Sun could easily have issued a
new binary very publically and without saying what they had fixed.

>         - it is fixed in 2.5 (by using fchown, not chown, both versions of ps)
So why didnt you tell people instead of negligently leaving them exposed

>         - it only affects people that either:
>                 - use tmpfs (default) and don't modifiy it +t themselves
>                 - or us a filesystem for /tmp and didn't do a +t as well.

Otherwise known as the majority of people who are less technically clued up.
Vendors need to improve their methods.

Alan

• Next message: Arve Kjoelen: "BUGTRAQ ALERT: Solaris 2.x"
• Previous message: David Rukshin: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
• In reply to: Casper Dik: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
• Next in thread: Darren Reed: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"