[8450] in bugtraq
Re: another /usr/dt/bin/dtappgather feature!
daemon@ATHENA.MIT.EDU (J.A. Gutierrez)
Mon Nov 9 12:02:13 1998
Date: Fri, 6 Nov 1998 18:35:36 +0100
Reply-To: "J.A. Gutierrez" <spd@GTC1.CPS.UNIZAR.ES>
From: "J.A. Gutierrez" <spd@GTC1.CPS.UNIZAR.ES>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.4.02.9811042153180.17259-100000@goodguy.dyn.ml.org>
from "Ben Collins" at Nov 4, 98 09:55:50 pm
> This isn't a permissions problem on the directories, note that his output
> shows that the directory does have the new (ie. patched) permissions. I
> tested this on a completely patched system (patched it right before I
> tested it with the latest ones from sunsolve1). I was still able to
> replicate the exploit.
The problem with DTUSERSESSION was already posted on last
Feb 24; and by then, the "Solaris dtappgather patch" fixed the
DTUSERSESSION but not the link (directory permissions) problem,
which probably is fixed by the other patch on 2.5.x.
So, at least Solaris 2.6 (sparc) with recent patches is not
vulnerable.
--
finger spd@gtc1.cps.unizar.es for PGP / So be easy and free
.mailcap tip of the day: / when you're drinking with me
application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day
text/x-vcard; cat '%s' > /dev/null / (the pogues)
