[3749] in bugtraq
Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm]
daemon@ATHENA.MIT.EDU (Kevin L Prigge)
Thu Dec 5 17:24:25 1996
Date: Thu, 5 Dec 1996 16:15:20 -0600
Reply-To: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
From: Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <no.id> from klp at "Dec 5, 96 12:55:16 pm"
Kevin L Prigge said:
> Problem: Vulnerabilities in /usr/vmsys/bin/chkperm
> Platform: Solaris 2.4, 2.5, 2.5.1, other System V derived
> systems with the FACE package installed
We have since learned that this has been fixed in 2.5 and above. There
is still the problem of creating a file owner bin, group bin
in the current directory with a filename made up of unprintable
characters. This is probably poor error handling rather than
a security problem.
Kevin Prigge <klp@tc.umn.edu>
John Ladwig <jladwig@soils.umn.edu>
--
Kevin L. Prigge | Some mornings, it's just not worth
Systems Software Programmer | chewing through the leather straps.
Internet Enterprise - OIT | - Emo Phillips
University of Minnesota |
