Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-21 Thread Thierry Zoller
Dear Marc, This is hilarious, should there ever be a Top10 of the most weird bugs, this surely is one of them, repost for pure amusement: Solaris 2.6, 7, and 8 /bin/login has a vulnerability involving the environment variable TTYPROMPT. This vulnerability has already been reported to BugTraq

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-16 Thread Joe Beasley
Darren Reed wrote: In some mail from Joe Shamblin, sie said: How about just uncommenting the following from /etc/default/login # If CONSOLE is set, root can only login on that device. # Comment this line out to allow remote login by root. # CONSOLE=/dev/console Not a fix to be sure,

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-16 Thread Just1n T1mberlake
Confirmed this vulnerability does not affect MacOSX. just1n

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-16 Thread Matthew Flaschen
Just1n T1mberlake wrote: Confirmed this vulnerability does not affect MacOSX. Well, it wouldn't, since MacOS is based on FreeBSD, not OpenSolaris. Matthew Flaschen

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-15 Thread Damien Miller
On Tue, 13 Feb 2007, Gadi Evron wrote: We all agree it is not a very likely possibility, but I wouldn't rule it out completely just yet until more information from Sun becomes available. What more information do you need? You have an advisory, access to the source code, access to the change

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-15 Thread Gadi Evron
On Thu, 15 Feb 2007, Damien Miller wrote: On Tue, 13 Feb 2007, Gadi Evron wrote: We all agree it is not a very likely possibility, but I wouldn't rule it out completely just yet until more information from Sun becomes available. What more information do you need? You have an advisory,

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-15 Thread Darren Reed
In some mail from Joe Shamblin, sie said: How about just uncommenting the following from /etc/default/login # If CONSOLE is set, root can only login on that device. # Comment this line out to allow remote login by root. # CONSOLE=/dev/console Not a fix to be sure, but at least prevents a

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-14 Thread Joe Shamblin
[EMAIL PROTECTED] wrote: On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote: On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote: Am I missing something? This vulnerability is close to 10 years old. It was in one of the first versions of Solaris after Sun moved off of the SunOS BSD platform and over to

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-14 Thread Adrian Sanabria
If someone was going to plant a backdoor in Solaris, don't you think they would have chosen a service that most people would leave turned on? The only way I can see someone choosing telnet for a backdoor is if it happened a long time ago. So, two things I'm curious about, but too busy (lazy)

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-14 Thread Casper . Dik
The simplest possible fix on such short notice: http://cvs.opensolaris.org/source/diff/onnv/onnv-gate/usr/src/cmd/cmd-inet/usr.sbin/in.telnetd.c ?r2=3629r1=2923 Casper How about just uncommenting the following from /etc/default/login # If CONSOLE is set, root can only login on that

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-14 Thread v3dt3n
From: Ham Beast [EMAIL PROTECTED] seriously why the fuck is 10 email on the telnet of the solaris with worthless content by gadi enron in mine inbox? I could be wrong, but I strongly suspect the reason to be someone exploiting the grok.org.uk with the 'full-disclosure' ID and mass-mailing

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-14 Thread Rodrigo Barbosa
On Mon, Feb 12, 2007 at 12:00:30AM -0600, Gadi Evron wrote: Johannes Ullrich from the SANS ISC sent this to me and then I saw it on the DSHIELD list: If you run Solaris, please check if you got telnet enabled NOW. If you can, block

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Oliver Friedrichs
Am I missing something? This vulnerability is close to 10 years old. It was in one of the first versions of Solaris after Sun moved off of the SunOS BSD platform and over to SysV. It has specifically to do with how arguments are processed via getopt() if I recall correctly. Oliver

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Michal Zalewski
On Tue, 13 Feb 2007, Gadi Evron wrote: I have to agree with a previous poster and suspect (only suspect) it could somehow be a backdoor rather than a bug. You're attributing malice to what could be equally well (or better!) explained by incompetence or gross negligence. The latter two haunt

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Gadi Evron
On Mon, 12 Feb 2007, Oliver Friedrichs wrote: Am I missing something? This vulnerability is close to 10 years old. It was in one of the first versions of Solaris after Sun moved off of the SunOS BSD platform and over to SysV. It has specifically to do with how arguments are processed via

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Oliver Friedrichs
Gadi, It looks like I was confused, this actually affected AIX and Linux in 1994: http://www.securityfocus.com/bid/458/info http://www.cert.org/advisories/CA-1994-09.html Oliver -Original Message- From: Gadi Evron [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 13, 2007 1:46 AM To:

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Gadi Evron
On Tue, 13 Feb 2007, Oliver Friedrichs wrote: Gadi, It looks like I was confused, this actually affected AIX and Linux in 1994: http://www.securityfocus.com/bid/458/info http://www.cert.org/advisories/CA-1994-09.html Same same but with rlogin, as someone mentioned on DSHIELD.

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Casper . Dik
Am I missing something? This vulnerability is close to 10 years old. It was in one of the first versions of Solaris after Sun moved off of the SunOS BSD platform and over to SysV. It has specifically to do with how arguments are processed via getopt() if I recall correctly. You're confused

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Gadi Evron
On Tue, 13 Feb 2007, Michal Zalewski wrote: On Tue, 13 Feb 2007, Gadi Evron wrote: I have to agree with a previous poster and suspect (only suspect) it could somehow be a backdoor rather than a bug. You're attributing malice to what could be equally well (or better!) explained by

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Gadi Evron
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote: Am I missing something? This vulnerability is close to 10 years old. It was in one of the first versions of Solaris after Sun moved off of the SunOS BSD platform and over to SysV. It has specifically to do with how arguments are processed

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Gadi Evron
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote: On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote: Am I missing something? This vulnerability is close to 10 years old. It was in one of the first versions of Solaris after Sun moved off of the SunOS BSD platform and over to SysV. It has

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Gadi Evron
On Tue, 13 Feb 2007, Gadi Evron wrote: On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote: On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote: Am I missing something? This vulnerability is close to 10 years old. It was in one of the first versions of Solaris after Sun moved off of the

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Gadi Evron
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote: Yeah, a backdoor is a remote possibility. But it's also an arbitrary and needlessly complex one. Maybe it's a nefarious plot by our UFO-appointed shadow government, but chances are, it's not (they have better things to do today). And one which

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Casper . Dik
Yeah, a backdoor is a remote possibility. But it's also an arbitrary and needlessly complex one. Maybe it's a nefarious plot by our UFO-appointed shadow government, but chances are, it's not (they have better things to do today). And one which was too easy to discover; real back doors are better

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Casper . Dik
On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote: Am I missing something? This vulnerability is close to 10 years old. It was in one of the first versions of Solaris after Sun moved off of the SunOS BSD platform and over to SysV. It has specifically to do with how arguments are processed

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Ham Beast
seriously why the fuck is 10 email on the telnet of the solaris with worthless content by gadi enron in mine inbox? off take your jacket sports please On 2/13/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On Tue, 13 Feb 2007 [EMAIL PROTECTED] wrote: On Tue, 13 Feb 2007 [EMAIL

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-13 Thread Thierry Zoller
Dear Casper Dik ([EMAIL PROTECTED]), I wasn't crying wolf about a Backdoor, heck I am not Steve Gibson. I was asking whether somebody will investigate why this hasn't been caught by audits or simply QA? CDSC And one which was too easy to discover; You said it, it's easy to discover, so who has

[Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-12 Thread Gadi Evron
Johannes Ullrich from the SANS ISC sent this to me and then I saw it on the DSHIELD list: If you run Solaris, please check if you got telnet enabled NOW. If you can, block port 23 at your perimeter. There is a fairly trivial Solaris telnet 0-day. telnet -l -froot [hostname]

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-12 Thread Vincent Archer
On Mon, Feb 12, 2007 at 12:00:30AM -0600, Gadi Evron wrote: Johannes Ullrich from the SANS ISC sent this to me and then I saw it on the DSHIELD list: Tested around, and it does indeed work, on all Solaris 10 (sparc x86). Update from HD Moore: but this bug isn't -froot, it's -fanythingbutroot

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-12 Thread Huzeyfe Onal
Hi, I tested with SunOS 5.7, 5.8, 5.9 and 5.10. Only SunOS 5.19 and Solaris 10 (Sparc) seems to be vulnerable with my systems. On 2/12/07, Vincent Archer [EMAIL PROTECTED] wrote: On Mon, Feb 12, 2007 at 12:00:30AM -0600, Gadi Evron wrote: Johannes Ullrich from the SANS ISC sent this to me and

Re: [Full-disclosure] Solaris telnet vulnberability - how many on your network?

2007-02-12 Thread Graham Reed
Vincent Archer writes: We do, and we confirm. The info is spreading like wildfire, and justifiably so - I thought this bug category (-fuser) was squashed last with AIX over 10 years ago. Everybody with the BSD tools had this bug 10-12 years ago; AIX stood out because there was some guy at IBM