This is bullshit. I tested this using Solaris 8 just now.
I tested it with both Solaris 8 sparc and Solaris 8 intel.
How can you let this pass, you're a moderated list.
----- Forwarded message from Keven Belanger <[EMAIL PROTECTED]> -----
Received: from vikki.vulnwatch.org ([199.233.98.101])
by netsys.com (8.11.6/8.11.6) with SMTP id g85G2CK19967
for <[EMAIL PROTECTED]>; Thu, 5 Sep 2002 12:02:12 -0400 (EDT)
Received: (qmail 24111 invoked by alias); 5 Sep 2002 16:46:11 -0000
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
List-Post: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <mailto:[EMAIL PROTECTED]>
Delivered-To: mailing list [EMAIL PROTECTED]
Delivered-To: moderator for [EMAIL PROTECTED]
Received: (qmail 18991 invoked from network); 5 Sep 2002 16:18:35 -0000
X-Authentication-Warning: avd.Logicon.CA: mail set sender to <[EMAIL PROTECTED]>
using -f
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C254F1.0C94CFE9"
Date: Thu, 5 Sep 2002 11:29:39 -0400
Message-ID: <[EMAIL PROTECTED]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: vuln in login under solaris
Thread-Index: AcJU8QwqfnT+ZTzPTtm8WFZxYxpWuQ==
Sensitivity: Company-Confidential
From: "Keven Belanger" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: [VulnWatch] vuln in login under solaris
Name : Keven Belanger
E-mail : [EMAIL PROTECTED]
Phone / fax : (819) 825-8049 x7717
Affiliation and address: Logicon inc.
100, des Distributeurs
Val-d'Or (Quebec)
Canada J9P 6Y1
Have you reported this to the vendor? yes
If so, please let us know whom you've contacted:
Date of your report : September 05, 2002
Vendor contact e-mail : [EMAIL PROTECTED]
CERT have been advised too...
Please describe the vulnerability.
---------------------------------
Unlike other unix based OS, when Solaris authenticate the user it let
the user
came in even if the password is not really "correct" Let me explain:
My username is sysadmin
My password is qwerty
If I log on with sysadmin/qwerty it work
If I log on with sysadmin/qwert123 it work too!
We can add any caracter after the currect password and it work!!
What is the impact of this vulnerability?
----------------------------------------
(For example: local user can gain root/privileged access, intruders
can create root-owned files, denial of service attack, etc.)
a) What is the specific impact:
User can gain root access
b) How would you envision it being used in an attack scenario:
User can gain root access via brute force password attack
If the attacker try 8 caracter brute force attack it will for
for password that have less that 8 caracter too, so it can gain
root access faster.
He don't have to try password with 1, 2, 3, 4... caracteres,
try something beetween 8 and 10 et voila...
System : SUN Solaris
OS version : 8 for Sparc and intel, not tested with other version
Verified/Guessed: Verified
For more infoamtion/explanation call me or write a email
K�ven Belanger
Analyste en solutions de s�curit�
Logicon Inc. - Division S�curit�
819.825.8049 x7717
800.567.6399 x7717
----- End forwarded message -----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
