[2106] in bugtraq
Re: BUGTRAQ ALERT: Solaris 2.x vulnerability
daemon@ATHENA.MIT.EDU (Dan Thorson)
Tue Aug 15 19:59:12 1995
Date: Tue, 15 Aug 1995 15:58:48 EDT
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Dan Thorson <Dan_Thorson@notes.seagate.com>
X-To: Michael Dilger <Michael.Dilger@Eng.Sun.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
Michael said:
> I tried this attack on /usr/bin/ps and /usr/ucb/ps, and it
> works on both of them. This makes me think that more than
> just solaris 2.x machines are vulnerable (depending on the
> /tmp sticky bit).
I did a little poking around myself. SunOS 4.x's "ps":
isn't suid root
doesn't open any file in /tmp
and even if it did, /tmp has the sticky bit set
So only SunOS 5.x seems involved insofar as SunOS is concerned.
I checked my HP's, and their ps is also not suid root, so they
should be safe.
True?
dct
