[2096] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Solaris 2.x vunerability

daemon@ATHENA.MIT.EDU (Scott Chasin)
Mon Aug 14 15:56:31 1995

Date:         Mon, 14 Aug 1995 12:39:11 MDT
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Scott Chasin <chasin@CRIMELAB.COM>
X-To:         bugtraq@crimelab.com
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>

A major hold has been found on Solaris 2.x which will allow
anyone with a user account to gain root access.

I will be sending the exploit code to you in a few hours from now.

The bug exploits a common vunerability that can be fixed with
an easy workaround: chmod +t /tmp

My suggestion to you is that you check all machines running Solaris 2.x
to see if the /tmp directory has the sticky bit set.

GOOD:  drwxrwxrwt   3 root     root         877 Aug 14 12:43 /tmp
EVIL:  drwxrwxrwx   3 root     root         877 Aug 14 12:43 /tmp

If you have any questions at all, please Email me.

Scott Chasin
chasin@crimelab.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[2096] in bugtraq

Solaris 2.x vunerability

daemon@ATHENA.MIT.EDU (Scott Chasin)Mon Aug 14 15:56:31 1995

daemon@ATHENA.MIT.EDU (Scott Chasin)
Mon Aug 14 15:56:31 1995