[3759] in bugtraq
Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm]
daemon@ATHENA.MIT.EDU (Paul B. Henson)
Fri Dec 6 14:00:08 1996
Date: Fri, 6 Dec 1996 09:49:38 -0800
Reply-To: pbhenson@csupomona.edu
From: "Paul B. Henson" <henson@intranet.csupomona.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.SOL.3.91.961206144015.2490A-100000@racoon.riga.lv> (message
from Nikolai Matyushenko on Fri, 06 Dec 1996 14:41:42 +0200)
> chkperm is suid to bin and /usr/bin/ directory is owned by root
> in Solaris 2.4 and above, that causes the error message and no .rhosts is
> created.

chkperm is also sgid to bin:

    -rwsr-sr-x 1 bin bin 8452 Oct 25 1995 /usr/vmsys/bin/chkperm

and /usr/bin is writable by the bin group:

    drwxrwxr-x 2 root bin 8704 Nov 15 13:43 /usr/bin

So the root ownership of /usr/bin would not deny chkperm write privs.

From what I understand, this bug works on 2.4, but not 2.5+, so something
must have changed between the two, but I don't think it was the ownership
of the /usr/bin directory.
--
Paul Henson | System Administrator | Cal Poly Pomona | (909) 869-3781
pbhenson@csupomona.edu | finger henson@brick.dce.csupomona.edu for PGP key
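
The permission reasoning in the message above, worked through on the two listings it quotes; this is an added example, not part of the original post. The caller `alice`/`staff` and the function names are assumptions, and supplementary groups and ACLs are ignored.

```python
# Listings copied from the message above.
CHKPERM = "-rwsr-sr-x 1 bin bin 8452 Oct 25 1995 /usr/vmsys/bin/chkperm"
USR_BIN = "drwxrwxr-x 2 root bin 8704 Nov 15 13:43 /usr/bin"

def parse_ls(line):
    """Split one `ls -l` line into mode string, owner, group and path."""
    fields = line.split()
    return {"mode": fields[0], "owner": fields[2],
            "group": fields[3], "path": fields[-1]}

def effective_ids(prog, user, group):
    """Effective user and group of a process after it execs `prog`."""
    mode = prog["mode"]
    euid = prog["owner"] if mode[3] == "s" else user    # setuid + owner exec
    egid = prog["group"] if mode[6] == "s" else group   # setgid + group exec
    return euid, egid

def create_class(directory, euid, egid):
    """Permission class that lets (euid, egid) create files in `directory`,
    or None. Classic Unix order: owner, then group, then other; the first
    class that matches decides, even if a later class would allow more."""
    mode = directory["mode"]
    if euid == "root":
        return "root"
    if euid == directory["owner"]:
        name, bits = "owner", mode[1:4]
    elif egid == directory["group"]:
        name, bits = "group", mode[4:7]
    else:
        name, bits = "other", mode[7:10]
    # Creating a directory entry needs write and search (x) together.
    return name if bits[1] == "w" and bits[2] in "xst" else None

def audit(prog_line, dir_line, user="alice", group="staff"):
    """Return (euid, egid, class granting create access or None).
    The default caller identity is hypothetical."""
    prog, directory = parse_ls(prog_line), parse_ls(dir_line)
    euid, egid = effective_ids(prog, user, group)
    return euid, egid, create_class(directory, euid, egid)

if __name__ == "__main__":
    print(audit(CHKPERM, USR_BIN))
    # Constructed variant: the same file with only the setuid bit set.
    print(audit("-rwsr-xr-x 1 bin bin 8452 Oct 25 1995 chkperm", USR_BIN))
```

With the listings as quoted, access comes from the group class; the constructed setuid-only variant falls through to the "other" class, which has no write bit.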