[4758] in bugtraq
Re: Solaris 2.5.1 party piece
daemon@ATHENA.MIT.EDU (Joe Gross)
Sat Jun 21 06:43:28 1997
Date: Fri, 20 Jun 1997 21:38:23 -0500
Reply-To: Joe Gross <jgross@UIUC.EDU>
From: Joe Gross <jgross@UIUC.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199706201226.OAA04914@branka.zesoi.fer.hr>; from Bojan Zdrnja on
Fri, Jun 20, 1997 at 02:26:27PM +0200
On Fri, Jun 20, 1997 at 02:26:27PM +0200, Bojan Zdrnja wrote:
>
> Also didn't work on my Solaris 2.5.1, but on Solaris 2.4 it works!

I just tried it on a freshly installed, fully patched 2.5.1 system and this
attack does indeed work.

If you change the "lo0" to "le0" or "hme0" (depending on your interface
names) it will work like a charm.

This also works with rexecd.

The 2.6 machine I tried it on is not vulnerable.
--
Joe Gross | CCSO Unix Systems Engineer - University of Illinois UC
jgross@uiuc.edu | finger for pgp public key