[399] in bugtraq
Re: Solaris ff.core and wsinfo commands.
daemon@ATHENA.MIT.EDU (John C. Orthoefer)
Tue Dec 6 21:06:08 1994
To: bugtraq@fc.net
In-Reply-To: Your message of "Tue, 06 Dec 1994 15:55:41 +0700."
<9412061555.AA28707@al.mrc-lmb.cam.ac.uk>
Date: Tue, 06 Dec 1994 18:34:58 -0500
From: "John C. Orthoefer" <jco@bbn.com>
> I haven't seen any _obvious_ ways that these could be dangerous for security,
> but I'm naturally suspicious of any setuid/setgid program that crashes. Has
> anyone got any further info on these programs?
I sent this to James already, but forgot to cc the list.
Patch 101889-01 says-
Keywords: ff.core security hole
Synopsis: OpenWindows 3.3: filemgr forked execuatble ff.core has a
security hole.
Date: Aug/30/94
Solaris Release: 2.3
SunOS Release: 5.3
Unbundled Product: OpenWindows
Unbundled Release: 3.3
BugId's fixed with this patch: 1171394
Files included with this patch:
/usr/openwin/bin/ff.core
Problem Description:
1171394 filemgr forked execuatble ff.core has a security hole.
johno
-
John Orthoefer | Take this out and a Unix Demon will dog your steps from
<jco@bbn.com> | now until the time_t's wrap around.
617-873-6188 | -- Curse from the tunefs(8) man page source
