Bugtraq archives for 4th quarter (Oct-Dec) 1998: Re: another /usr/dt/bin/dtappgather feature!

Re: another /usr/dt/bin/dtappgather feature!

Casper Dik (casperHOLLAND.SUN.COM)
Mon, 9 Nov 1998 20:44:12 +0100

>        The problem with DTUSERSESSION was already posted on last
>        Feb 24; and by then, the "Solaris dtappgather patch" fixed the
>        DTUSERSESSION but not the link (directory permissions) problem,
>        which probably is fixed by the other patch on 2.5.x.
>
>        So, at least Solaris 2.6 (sparc) with recent patches is not
>        vulnerable.


The problem is patched with both the dtappgather and dtlogin
patches to Solaris 2.5.1/2.6 (and presumably 2.5 as well).

You need to apply both and restart dtlogin.

I'm not sure, but you might even need to rm -rf /var/dt before restarting
dtlogin, but it seems it will fix up the permissions on startup.

Casper