[4748] in bugtraq
Re: Solaris 2.5.1 party piece
daemon@ATHENA.MIT.EDU (Wolfram Schmidt)
Fri Jun 20 16:09:18 1997
Date: Fri, 20 Jun 1997 04:10:17 +0200
Reply-To: Wolfram Schmidt <Wolfram.Schmidt@IAO.FHG.DE>
From: Wolfram Schmidt <Wolfram.Schmidt@IAO.FHG.DE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK> "Solaris 2.5.1 party piece"
(Jun 19, 20:47)
Some weeks ago I was given a test patch which fixes the problem. Lets see
how long it takes to build the final version.
-Wolfram
On Jun 19, 20:47, Alan Cox wrote:
> Subject: Solaris 2.5.1 party piece
] Well CERT have had this for a year, AUSCERT for a couple of weeks and
] now its time bugtraq had it
]
] cc solarisuck.c -o solarisuck -lsocket
] rsh localhost ./solarisuck
[...]
] You can adjust this to do other things. Basically any user can do
network control
] requests on a root created socket descriptor.
]
]
] Workarounds:
] 1. Disable rsh and any non root owned inetd tasks - breaks remote tar
etc
] 2. Run an OS that the vendor doesnt take a year to fix bugs in
]
] I have the original emails from Sun folks (Casper Dik, Alec Muffett and
co)
] to prove Sun have sat on this for ages.
]
] Alan
>-- End of excerpt from Alan Cox
--
Email: Wolfram.Schmidt@iao.fhg.de
Voice: +49 711 970 2431
Fax: +49 711 970 2401
Office: Fraunhofer IAO, Holzgartenstr. 17, 70174 Stuttgart, Germany
