[4512] in bugtraq
Re: SunOS exploit.
daemon@ATHENA.MIT.EDU (Austin Schutz)
Mon May 19 20:38:17 1997
Date: Mon, 19 May 1997 12:45:43 -0700
Reply-To: Austin Schutz <tex@COLLEGENET.COM>
From: Austin Schutz <tex@COLLEGENET.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SUN.3.95q.970519112330.28832N-100000@westnet.com>
On Mon, 19 May 1997, Christopher X. Candreva wrote:
> On Sun, 18 May 1997, Trevor Linton wrote:
>
> > On sunos, if you execute a clean bash shell then type, export USER="root"
> > then USER=$LOGNAME, then execute chsh root or chfn root you can change
> > the root information.
>
> I was unable to duplicate this on SunOS 4.1.3, using bash 2.00.0(1)
> /usr/bin/passwd (which chsh and chfn are links to) however are not
> original, so possibly some security patch fixed this already.
>
I was able to duplicate this on a pretty vanilla 4.1.3 setup.
bash$ uname -a
SunOS elbereth 4.1.3_U1 2 sun4c
bash$
Tex
