John, There is a known buffer overflow in Solaris (pre 8) which would affect 2.6.
See advisory 12/12/01 CERT Advisory CA-2001-34 Buffer Overflow in System V Derived Login for more details. Supposedly this vulnerability provides remote root access when correctly exploited. I believe Sun provided patches for this issue shortly after the advisory was issued. Pete Rotheroe Paladin Technologies, Inc. Rovert John F DLVA wrote: >Greetings > > I have, what I hope is a simple question. > > We are running PVCS Dimensions 6.0 SP2 > from Merant. > > I am currently embroiled in a rather heated > discussion with management about possible > user threats to the above package. > > Does anyone have any experience pen-testing > this, or know of any attacks that may > allow root access to the underlying system? > > The above is on a Sun Ultra Enterprise > running Solaris 5.6 > > Thanks in advance for any information > >John F. Rovert > >---------------------------------------------------------------------------- >This list is provided by the SecurityFocus Security Intelligence Alert (SIA) >Service. For more information on SecurityFocus' SIA service which >automatically alerts you to the latest security vulnerabilities please see: >https://alerts.securityfocus.com/ > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
