[3020] in bugtraq
Re: Zolaris 2.5 Exploited.
daemon@ATHENA.MIT.EDU (Leif Hedstrom)
Thu Jul 25 23:10:15 1996
Date: Thu, 25 Jul 1996 19:49:33 -0700
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Leif Hedstrom <leif@netscape.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
>Jungseok Roh writes:
>Wow.. I got a chance to use Ultra Sparc who runs Zolaris 2.5 several days ago
neat...
Fwiw, I believe "admintool" in Solaris-2.5 has exactly the same problem.
/tmp/.group.lock for instance is created 666, no security checks...
Just go to the "Groups" menu, and you'll have a nice and clean /.rhosts
file to play with... :(
-- Leif
