[3509] in bugtraq

Re: /usr/bin/solstice under solaris 5.5

daemon@ATHENA.MIT.EDU (Casper Dik)
Sat Oct 19 11:41:05 1996

Date: 	Sat, 19 Oct 1996 11:28:11 +0200
Reply-To: Casper Dik <casper@holland.Sun.COM>
From: Casper Dik <casper@holland.Sun.COM>
X-To:         Grant Kaufmann <gkaufman@cs.uct.ac.za>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  Your message of "Fri, 18 Oct 1996 09:36:56 +0200."
              <199610180736.JAA10499@ebi.cs.uct.ac.za>

>/usr/bin/solstice is a program launcher under solaris 2.5
>Unfortunately, for some reason, it is distributed set-gid bin,
>and politely launches any programs without revoking this.
>The exploit:


This is a well-known bug which has already been discussed here at length.
/usr/bin/solstice was first shipped with Solaris 2.5/SunOS 5.5, so older
versions are not at risk.

These patches fix the bug; alternatively, you can just remove the set-gid bit.

103245-07: Solaris 2.5_x86: admintool patch
103247-07: SunOS 5.5: admintool patch
103558-05: SunOS 5.5.1: admintool fixes for security and missing swmtool options
103559-05: SunOS 5.5.1_x86: admintool fixes for security/missing swmtool options
103560-05: SunOS 5.5.1_ppc: admintool fixes for security/missing swmtool options
