[3748] in bugtraq
Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm]
daemon@ATHENA.MIT.EDU (Jody L. Baze)
Thu Dec 5 17:22:25 1996
Date: Thu, 5 Dec 1996 14:51:52 -0700
Reply-To: "Jody L. Baze" <jody@blueskytours.com>
From: "Jody L. Baze" <jody@blueskytours.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199612052116.NAA27342@steel.intranet.csupomona.edu>

On Thu, 5 Dec 1996, Paul B. Henson wrote:
> > Platform: Solaris 2.4, 2.5, 2.5.1, other System V derived
> > systems with the FACE package installed
>
> I tried your example on three different Solaris 2.5 machines with varying
> patch levels. On all of them, after setting up the environment as
> specified, running the chkperm command resulted in an error message, and no
> .rhosts file was created in /usr/bin.

I've tried this on several machines so far (also with varying patch levels)
and have noticed similar behaviour...

> % /usr/vmsys/bin/chkperm -l -u foo
> Error creating <gibberish characters>

It apparently tries to create that file in the parent directory. It *will*
create the file if you happen to be in, for example, /tmp/foo - it'll get
created in /tmp. The perm/owner/group is 0666:bin:bin.

> Was anyone able to successfully reproduce this exploit?

Nope, at least not on my machines. Hmm...

JLB
--
Jody L. Baze            Blue Sky Tours, Inc.
Software Development    10832 Prospect Avenue N.E.
System Administration   Albuquerque, NM 87112
jody@BlueSkyTours.COM   (505) 292-6961