[3618] in bugtraq
Re: Possible SunOS 5.5.1 sulogin vulnerability
daemon@ATHENA.MIT.EDU (Mark Graff)
Sat Nov 16 17:04:27 1996
Date: Fri, 15 Nov 1996 16:05:34 -0800
Reply-To: Mark Graff <mark.graff@Eng.Sun.COM>
From: Mark Graff <mark.graff@Eng.Sun.COM>
X-To: swb@aurora.phys.utk.edu
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
This was discussed on comp.security.unix yesterday. It's not a security hole,
just a bogus message produced by a program that expects to be run
with privileges. I filed a bug on it.
-mg-
Mark Graff
Sun Security Coordinator
415 -786-5274
From owner-bugtraq@NETSPACE.ORG Fri Nov 15 16:01:54 1996
Approved-By: ALEPH1@UNDERGROUND.ORG
Approved-By: Steve Blass <swb@AURORA.PHYS.UTK.EDU>
Date: Fri, 15 Nov 1996 17:59:42 -0500
Subject: Re: Possible SunOS 5.5.1 sulogin vulnerability
X-To: "Jason R. Mastaler" <jason@mastaler.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
I just tried it on a patched 2.5.1 box and it does *look like it goes into
single user mode but I still couldn't edit /etc/shadow. Near as I can
tell it just gave me a subshell.
-
swb
On Wed, 13 Nov 1996, Jason R. Mastaler wrote:
> Possible hole in sulogin here? Under Solaris 2.5.1 (sparc & x86),
> executing /sbin/sulogin from an unprivileged user account dumps you
> into what appears to be single-user mode with an ugly warning message
> without prompting for the root password. You don't find this with
> earlier versions of Solaris (2.5 and lower).
>
> ________________________________________________________________
>
> sol251% /sbin/sulogin
>
> *** NO ENTRY FOR root IN PASSWORD FILE! ***
>
> Entering System Maintenance Mode
>
> $
>
> ________________________________________________________________
>
> sol25% /sbin/sulogin
>
> Type Ctrl-d to proceed with normal startup,
> (or give root password for system maintenance):
>
> ________________________________________________________________
>
