[978] in bugtraq
Re: Solaris 2.3-2.4 Audit Bug
daemon@ATHENA.MIT.EDU (John D'Agostino)
Mon Feb 13 17:35:58 1995
Date: Mon, 13 Feb 1995 09:31:44 -0600
To: Christopher Klaus <cklaus@shadow.net>
From: dagostin@killerbee.jsc.nasa.gov (John D'Agostino)
Cc: bugtraq@fc.net
At 05:45 PM 2/12/95, Christopher Klaus wrote:
>>
>> I'm sorry if this has been discussed before.
>>
>> There is a major security problem with auditing under Solaris 2.3
>> and 2.4. If you run bsmconv to turn on auditing, any user can
>> break root very very easily. I'd say more but I'd like to give
>> Sun at least a little bit of a chance to fix it first.
>>
>> I have access to the source code for the OS and have tracked down
>> the one line of bad code. How can I contact Sun to tell them the
>> problem with this line of code?????????????
>
>Send email to info@iss.net with the following in the body of the message:
>
>send vendor for faq
>
>This will send you the FAQ for various vendors to get in touch with.
>
>You can also email Sun at security-alert@sun.com and I am sure Mark Graff
>can help you.
>
>Chris
>
>--
Hey Chris,
Is this going to be in our class as well? Also, has John gotten you the info
about the net address ranges yet?
=====================================================
/ I am a peripheral visionary... \
| I can sort of see the future ok... |
| It's just off to the side |
|=======================================================|
| NASA MOD AIS Security Engineering Team |
| --==8==-- |
| dagostin@killerbee.jsc.nasa.gov (713)-282-3717) |
\_________________________________ FAX: (713)-282-4922 /