[3026] in bugtraq
Re: Zolaris 2.5 Exploited.
daemon@ATHENA.MIT.EDU (Eugene Bradley)
Fri Jul 26 12:56:51 1996
Date: Fri, 26 Jul 1996 11:46:38 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Eugene Bradley <ebradley@andromeda.rutgers.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: Jungseok Roh <beren@cosmos.kaist.ac.kr> writes:
-----BEGIN PGP SIGNED MESSAGE-----
[disclaimer: I'm not a system administrator on any UNIX system on campus]

I took a look at the kcms_* exploit script this morning. It didn't
work. (this was on a Solaris 2.5 server for students)

* To access X on the student UNIX server, the student labs run PC-Xware
  2.0 running on Windows 3.1 over a Novell 3.12 network. The only people
  on campus with access to the Sun Workstations (and thus the monitor
  types that can be accessed and calibrated properly with the kcms_* tools)
  are network administrators and system administrators. For obvious reasons
  the kcms_* tools didn't work on PC-Xware, as PC-Xware is solely dependent
  on what video driver(s) Windows 3.1 loads on startup. -:)

* For the rsh portion of the exploit script, the file /etc/hosts.equiv
  must exist in order for this crucial portion of the exploit script (rsh)
  to be successful. On both the student and the faculty UNIX servers,
  there is no /etc/hosts.equiv file, as neither the students nor the
  faculty on campus share UNIX servers.

In short, the kcms_* exploit script fails when

* it's used on any X server emulator that is _not_ dependent on kcms_*
  to calibrate the monitor (except the obvious Sun Workstation console)
* it's on a system with no /etc/hosts.equiv file that rsh
  depends on for its usage.

Correct me if I happen to be wrong on any or all of these points.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----
--
Eugene Bradley | finger me for my PGP public key
webmaster of misery.winter.org
PGP Fingerprint = 55 70 DE 84 FE E1 3D 50 7F C2 88 22 30 8C 81 9E
<a href="http://www.armory.com/~ebradley"> Eugene's W^3 Duckpond </a>