[27315] in bugtraq
Re: Solaris 2.6, 7, 8
daemon@ATHENA.MIT.EDU (Sebastian)
Sat Oct 5 17:04:46 2002
Date: Fri, 4 Oct 2002 08:42:24 +0200
From: Sebastian <scut@nb.in-berlin.de>
To: bugtraq@securityfocus.com
Message-ID: <20021004064224.GA651@golem.nb>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021002115909.E8CB.BU_ZHENG@sina.com>
Hi.
On Wed, Oct 02, 2002 at 12:00:38PM -0400, buzheng wrote:
> But, the remote setting of TTYPROMPT does matter. You cannot succeed in
> login without remotely changing the TTYPROMPT. This is also the bug
> mentioned in Jonathan's original letter (bid:5531).
Which is plain wrong. This may be true for the 64 times " c" method, but in
the generic case it does not matter.
The second bug in login, where login walks out of a 64 (char *) array, can be
exploited remotely to gain root privileges even if you cannot log in as root
legally and even if you do not touch TTYPROMPT at all.
> If you have applied patches for these 2 bugs, you are safe now.
And everybody should have done so since November 2001.
> --
> bu,zheng <buzheng2001@yahoo.com>
ciao,
Sebastian
--
-. scut@nb.in-berlin.de -. + http://segfault.net/~scut/ `--------------------.
-' segfault.net/~scut/pgp `' 5453 AC95 1E02 FDA7 50D2 A42D 427E 6DEF 745A 8E07
`- project grasp infiltrated, phantom works falling. hi echelon! ------------'