[18715] in bugtraq
Re: Solaris /usr/bin/cu Vulnerability
daemon@ATHENA.MIT.EDU (Casper Dik)
Mon Jan 22 17:03:03 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <200101191646.RAA11032@romulus.Holland.Sun.COM>
Date: Fri, 19 Jan 2001 17:46:40 +0100
Reply-To: Casper Dik <Casper.Dik@HOLLAND.SUN.COM>
From: Casper Dik <Casper.Dik@HOLLAND.SUN.COM>
X-To: jpm@class.de
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Fri, 19 Jan 2001 09:36:24 +0100."
<20010119093624.A12463@fm.rz.fh-muenchen.de>
>If I look at the output of find / -user uucp -xdev -ls on a freshly
>installed and patched Solaris 7, this seems enough for me to r00t
>the box.
># find / -user uucp -xdev -ls
>188616 55 -rws--x--x 1 uucp bin 56240 Jan 9 06:39 /usr/bin/tip
>188741 8 -r-xr-xr-x 1 uucp uucp 8188 Sep 1 1998 /usr/bin/uudecode
>188742 8 -r-xr-xr-x 1 uucp uucp 7224 Sep 1 1998 /usr/bin/uuencode
>123841 0 -rw------- 1 uucp bin 0 Jan 17 15:54 /var/adm/aculog
>300661 1 drwxr-xr-x 2 uucp uucp 512 Jan 19 08:28 /var/spool/locks
>276741 0 crw------- 1 uucp uucp 29,131072 Jan 17 16:16 /devices/sbus@1f,0/zs@f,1100000:a,cu
>276742 0 crw------- 1 uucp uucp 29,131073 Jan 17 16:16 /devices/sbus@1f,0/zs@f,1100000:b,cu
>(the 2 devices are /dev/term/a and /dev/term/b ...)
In Solaris 8 we have changed the ownership of the binaries to root,
except those that are set-uid uucp.
Uucp configuration and tip are still uucp owned.
Casper
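
An added example, not part of the original message or of any Sun tooling: a small audit filter that sorts `find / -user uucp -xdev -ls` output into the cases the thread distinguishes, flagging uucp-owned executables that are not set-uid as candidates for root ownership (the Solaris 8 change described above). The function name `classify_owned` and its class labels are hypothetical; it assumes the eleven-column `find -ls` layout of the quoted listing and paths without whitespace.

```shell
#!/bin/sh
# Sample input: lines taken from the listing quoted in this thread.
SAMPLE='188616 55 -rws--x--x 1 uucp bin 56240 Jan 9 06:39 /usr/bin/tip
188741 8 -r-xr-xr-x 1 uucp uucp 8188 Sep 1 1998 /usr/bin/uudecode
188742 8 -r-xr-xr-x 1 uucp uucp 7224 Sep 1 1998 /usr/bin/uuencode
123841 0 -rw------- 1 uucp bin 0 Jan 17 15:54 /var/adm/aculog
300661 1 drwxr-xr-x 2 uucp uucp 512 Jan 19 08:28 /var/spool/locks
276741 0 crw------- 1 uucp uucp 29,131072 Jan 17 16:16 /devices/sbus@1f,0/zs@f,1100000:a,cu'

# classify_owned (hypothetical name): reads `find -ls` lines on stdin and
# prints "<class> <path>" for each entry.
#   setuid     - set-uid binary; it has to stay owned by the account
#   chown-root - executable that is not set-uid; the owning account can
#                replace it, so root ownership removes that exposure
#   directory / device / data - everything else, listed for review
classify_owned() {
    awk '
    NF >= 11 {
        mode = $3
        path = $11
        type = substr(mode, 1, 1)
        # Execute slots for owner, group and other (x, s, t or -).
        bits = substr(mode, 4, 1) substr(mode, 7, 1) substr(mode, 10, 1)
        if (type == "-" && substr(mode, 4, 1) ~ /[sS]/)
            cls = "setuid"
        else if (type == "-" && bits ~ /[xst]/)
            cls = "chown-root"
        else if (type == "d")
            cls = "directory"
        else if (type == "c" || type == "b")
            cls = "device"
        else
            cls = "data"
        print cls, path
    }'
}

# On a live system: find / -user uucp -xdev -ls | classify_owned
printf '%s\n' "$SAMPLE" | classify_owned
```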