[3614] in bugtraq
Re: Possible SunOS 5.5.1 sulogin vulnerability
daemon@ATHENA.MIT.EDU (Doug Hughes)
Sat Nov 16 06:40:06 1996
Date: Fri, 15 Nov 1996 17:26:50 -0600
Reply-To: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
X-To: "Jason R. Mastaler" <jason@mastaler.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <x7zq0l31aa.fsf@mastaler.com>
>Possible hole in sulogin here? Under Solaris 2.5.1 (sparc & x86),
>executing /sbin/sulogin from an unprivileged user account dumps you
>into what appears to be single-user mode with an ugly warning message
>without prompting for the root password. You don't find this with
>earlier versions of Solaris (2.5 and lower).
>
>________________________________________________________________
>
>sol251% /sbin/sulogin
>
>*** NO ENTRY FOR root IN PASSWORD FILE! ***
>
>Entering System Maintenance Mode
>
>$
>
>________________________________________________________________
>
>sol25% /sbin/sulogin
>
>Type Ctrl-d to proceed with normal startup,
>(or give root password for system maintenance):
Yeah, but you're still yourself (id = your ID). I think that the only
real harm is that your prompt is changed. Basically, you get dumped
into a Bourne shell with a confusing warning.
--
____________________________________________________________________________
Doug Hughes Engineering Network Services
System/Net Admin Auburn University
doug@eng.auburn.edu
