[212] in bugtraq
Re: Solaris 2.4
daemon@ATHENA.MIT.EDU (Pete Shipley)
Sat Nov 26 20:47:47 1994
To: kotf@netline-fddi.jpl.nasa.gov
Cc: bugtraq@fc.net
In-Reply-To: Your message of Wed, 19 Oct 1994 21:19:43 -0700.
<199410200419.VAA00402@netline-fddi.jpl.nasa.gov>
Date: Sat, 26 Nov 1994 15:42:01 -0800
From: Pete Shipley <shipley@merde.dis.org>
-----BEGIN PGP SIGNED MESSAGE-----
>Since I had heard that Solaris 2.4 was shipping, I ftp'd to
>sunsolve1, cd'd to pub/patches, and pulled over the
>file named Solaris2.4.PatchReport, which I am including at
>the end of this message. It looks like there are some
>serious security problems with 2.4, namely a problem with su
>echoing the password on the console, a problem with portmapper, =
>and a problem with the mouse code which makes "break root" attack =
>possible. Apparently the protmapper problem was fixed with an
>earlier patch to 2.3, because the README for the portmapper
>patch says it "re-appeared in 5.4".
can someone elaborate on the problem with the Solaris "mouse code" and =
portmapper?
-Pete
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQBVAwUBLtfHxHynuL1gkffFAQGE+AH9HVjwfLUQ6DcgQtdrZF2GPQZ4bWOxiM5j
bgdSBeIL4WUCNL9ve1LZx6ldhCAe1XwdFqv16PbYcwLhqxxzJLxt0w=3D=3D
=3DTxpV
-----END PGP SIGNATURE-----
